From 30a51bd861b149dbe07deb1d45ffdb3e484f8efb Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Tue, 18 Jan 2022 10:07:46 -0700 Subject: [PATCH 001/268] Update cisagov_I.yml Added Ivanti vendor products --- data/cisagov_I.yml | 2064 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 2037 insertions(+), 27 deletions(-) diff --git a/data/cisagov_I.yml b/data/cisagov_I.yml index 1298cc9..f611efc 100644 --- a/data/cisagov_I.yml +++ b/data/cisagov_I.yml @@ -6974,11 +6974,101 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Ivanti + product: Application Control for Linux + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Application Control for Windows + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Automation + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' - vendor: Ivanti product: Avalanche cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -7006,26 +7096,49 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Ivanti File Director + product: Avalanche Remote Control cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2019.1.* - - 2020.1.* - - 2020.3.* - - 2021.1.* - - 4.4.* - fixed_versions: - - 2021.3 HF2 - - 2021.1 HF1 - - 2020.3 HF2 + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Cherwell Asset Management (CAM) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7043,19 +7156,49 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: MobileIron Core + product: Cherwell Service Management (CSM) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: [] + unaffected_versions: - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Connect Pro + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7068,25 +7211,54 @@ software: unaffected_versions: [] vendor_links: - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See Advisory details for mitigation instructions for MobileIron Core. + notes: '' references: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: MobileIron Sentry (Core/Cloud) + product: Credential mgr (PivD Manager) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 9.13 - - 9.14 + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Discovery Classic + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7099,24 +7271,54 @@ software: unaffected_versions: [] vendor_links: - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See Advisory details for mitigation instructions for MobileIron Sentry. + notes: '' references: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: MobileIron Core Connector + product: DSM cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: [] + unaffected_versions: - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Environment Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7129,7 +7331,1815 @@ software: unaffected_versions: [] vendor_links: - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See Advisory details for mitigation instructions for MobileIron Core Connector. + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: GoldMine + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: HEAT Classic + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: IIRIS (Neurons for IIOT) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: ITSM 6/7 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Incapptic Connect + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Insight + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Asset Lifecycle Management + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Device Application Control + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Endpoint Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti EPM - Cloud Service Appliance + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Endpoint Security + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Environment Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti File Director + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2019.1.* + - 2020.1.* + - 2020.3.* + - 2021.1.* + - 4.4.* + fixed_versions: + - 2021.3 HF2 + - 2021.1 HF1 + - 2020.3 HF2 + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Identity Director + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti License Optimizer (ILO) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Management Center + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Neurons Platform + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Performance Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Service Desk + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: Not Affected - Java is no longer required since version 2018.3U3 Customers on older versions can uninstall JRE on their ISD Servers for mitigation. This will disable indexing of Attachments and Documents for full-text search. + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Service Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Service Manager for Neurons (Cloud) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Security Controls (Patch ISec) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See More INFO for Ivanti Security Controls (Patch ISec) in the Advisory Page + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Voice + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Workspace Control + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Appconnect + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Email+ + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Go Client + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Mobile@Work + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Security Productivity Apps + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Mi Tunnel App + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Access/ZSO + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: Mitigated - No Impact + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron BYOD Portal + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Cloud + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Cloud Connector + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Core + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Core. + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Sentry (Core/Cloud) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 9.13 + - 9.14 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Sentry. + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Core Connector + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Core Connector. + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Patch MEM (Microsoft Endpoint Manager) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Patch OEM APIs + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Performance Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Desktop Client + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Mobile Client + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Services Director + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Virtual Traffic Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Web Application Firewall + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Connect Secure + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse One + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Policy Secure + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse ZTA + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Risksense Threat and Vulnerability Management + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: SpeakEasy (add-on to Velocity) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: SpeakEasy (WinCE) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Terminal Emulation and Industrial Browser + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Velocity + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: VelocityCE + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: ConnectPro (Termproxy) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Wavelink License Server + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: CETerm (Naurtech) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Virtual Desktop Extender + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Xtraction + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' references: - '' last_updated: '2022-01-18T00:00:00' From d6a3710422085ebec294c781510d864843c325d6 Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Tue, 18 Jan 2022 11:04:03 -0700 Subject: [PATCH 002/268] Update cisagov_I.yml --- data/cisagov_I.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/data/cisagov_I.yml b/data/cisagov_I.yml index f611efc..84a5f79 100644 --- a/data/cisagov_I.yml +++ b/data/cisagov_I.yml @@ -7908,7 +7908,7 @@ software: unaffected_versions: [] vendor_links: - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: Not Affected - Java is no longer required since version 2018.3U3 Customers on older versions can uninstall JRE on their ISD Servers for mitigation. This will disable indexing of Attachments and Documents for full-text search. + notes: Not Affected. Java is no longer required since version 2018.3U3 Customers on older versions can uninstall JRE on their ISD Servers for mitigation. This will disable indexing of Attachments and Documents for full-text search. references: - '' last_updated: '2022-01-18T00:00:00' @@ -8153,7 +8153,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: MI Mobile@Work + product: MI MobileAtWork cves: cve-2021-4104: investigated: '' @@ -8212,7 +8212,7 @@ software: references: - '' last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti + - vendor: Ivanti product: Mi Tunnel App cves: cve-2021-4104: @@ -8243,7 +8243,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: MobileIron Access/ZSO + product: MobileIron Access ZSO cves: cve-2021-4104: investigated: '' @@ -8268,7 +8268,7 @@ software: unaffected_versions: [] vendor_links: - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: Mitigated - No Impact + notes: Mitigated. No Impact references: - '' last_updated: '2022-01-18T00:00:00' From 4c6f714c58fd46e945f89163be07e5340f6463bf Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 18 Jan 2022 15:27:40 -0500 Subject: [PATCH 003/268] Update cisagov_I.yml Update versions for Ivanti --- data/cisagov_I.yml | 162 ++++++++++++++++++++++----------------------- 1 file changed, 81 insertions(+), 81 deletions(-) diff --git a/data/cisagov_I.yml b/data/cisagov_I.yml index 84a5f79..774ab9a 100644 --- a/data/cisagov_I.yml +++ b/data/cisagov_I.yml @@ -6987,7 +6987,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7017,7 +7017,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7047,7 +7047,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7075,8 +7075,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - 6.2.2 - - 6.3.0 to 6.3.3 + - '6.2.2' + - '6.3.0 to 6.3.3' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7108,7 +7108,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7138,7 +7138,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7168,7 +7168,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7198,7 +7198,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7228,7 +7228,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7258,7 +7258,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7288,7 +7288,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7318,7 +7318,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7348,7 +7348,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7378,7 +7378,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7408,7 +7408,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7438,7 +7438,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7468,7 +7468,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7498,7 +7498,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7528,7 +7528,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7558,7 +7558,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7588,7 +7588,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7618,7 +7618,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7648,7 +7648,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7678,7 +7678,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7706,15 +7706,15 @@ software: cve-2021-44228: investigated: true affected_versions: - - 2019.1.* - - 2020.1.* - - 2020.3.* - - 2021.1.* - - 4.4.* + - '2019.1.*' + - '2020.1.*' + - '2020.3.*' + - '2021.1.*' + - '4.4.*' fixed_versions: - - 2021.3 HF2 - - 2021.1 HF1 - - 2020.3 HF2 + - '2021.3 HF2' + - '2021.1 HF1' + - '2020.3 HF2' unaffected_versions: [] cve-2021-45046: investigated: '' @@ -7745,7 +7745,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7775,7 +7775,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7805,7 +7805,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7835,7 +7835,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7865,7 +7865,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7895,7 +7895,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7925,7 +7925,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7955,7 +7955,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -7985,7 +7985,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8015,7 +8015,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8045,7 +8045,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8075,7 +8075,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8105,7 +8105,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8135,7 +8135,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8165,7 +8165,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8195,7 +8195,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8225,7 +8225,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8253,7 +8253,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - All + - 'All' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8285,7 +8285,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8315,7 +8315,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8345,7 +8345,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8373,7 +8373,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - All + - 'All' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8403,8 +8403,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - 9.13 - - 9.14 + - '9.13' + - '9.14' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8434,7 +8434,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - All + - 'All' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8466,7 +8466,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8496,7 +8496,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8526,7 +8526,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8556,7 +8556,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8586,7 +8586,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8616,7 +8616,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8646,7 +8646,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8676,7 +8676,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8706,7 +8706,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8736,7 +8736,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8766,7 +8766,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8796,7 +8796,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8826,7 +8826,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8856,7 +8856,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8886,7 +8886,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8916,7 +8916,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8946,7 +8946,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -8976,7 +8976,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -9006,7 +9006,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -9036,7 +9036,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -9066,7 +9066,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -9096,7 +9096,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] @@ -9126,7 +9126,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: '' affected_versions: [] From bee5ac6aeac5bcd10b2de3ac09c6107f20e5494f Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 18 Jan 2022 16:11:02 -0500 Subject: [PATCH 004/268] Update cisagov_M.yml Remove duplicate mobile iron entries --- data/cisagov_M.yml | 137 --------------------------------------------- 1 file changed, 137 deletions(-) diff --git a/data/cisagov_M.yml b/data/cisagov_M.yml index c96ff4b..5e33f8f 100644 --- a/data/cisagov_M.yml +++ b/data/cisagov_M.yml @@ -2233,143 +2233,6 @@ software: references: - '' last_updated: '2022-01-05T00:00:00' - - vendor: MobileIron - product: Core - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - All Versions - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US - notes: The mitigation instructions listed in a subsequent section removes a vulnerable - Java class (JNDILookUp.class) from the affected Log4J Java library and as a - result removes the ability to perform the RCE attack. The workaround needs - to be applied in a maintenance window. You will not be able to access the admin - portal during the procedure, however, end user devices will continue to function. - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: MobileIron - product: Core Connector - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - All Versions - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US - notes: The mitigation instructions listed in a subsequent section removes a vulnerable - Java class (JNDILookUp.class) from the affected Log4J Java library and as a - result removes the ability to perform the RCE attack. The workaround needs - to be applied in a maintenance window. You will not be able to access the admin - portal during the procedure, however, end user devices will continue to function. - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: MobileIron - product: Reporting Database (RDB) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - All Versions - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US - notes: The mitigation instructions listed in a subsequent section removes a vulnerable - Java class (JNDILookUp.class) from the affected Log4J Java library and as a - result removes the ability to perform the RCE attack. The workaround needs - to be applied in a maintenance window. You will not be able to access the admin - portal during the procedure, however, end user devices will continue to function. - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: MobileIron - product: Sentry - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - '9.13' - - '9.14' - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US - notes: The mitigation instructions listed in a subsequent section removes a vulnerable - Java class (JNDILookUp.class) from the affected Log4J Java library and as a - result removes the ability to perform the RCE attack. The workaround needs - to be applied in a maintenance window. You will not be able to access the admin - portal during the procedure, however, end user devices will continue to function. - references: - - '' - last_updated: '2021-12-20T00:00:00' - vendor: MongoDB product: All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts) From dd4d70100a258285beff49d1c3a50e77375258a0 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Tue, 18 Jan 2022 21:16:08 +0000 Subject: [PATCH 005/268] Update the software list --- SOFTWARE-LIST.md | 4 -- data/cisagov.yml | 137 ----------------------------------------------- 2 files changed, 141 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 3cc682e..26429b6 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2026,10 +2026,6 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Mitel | | | | Unknown | [link](https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-21-0010) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | MMM Group | Control software of all MMM series | | | Unknown | [link](https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | | MMM Group | RUMED360 Cycles, RUMED360 Cycles View, RUMED360 Sicon, RUMED360 ISA-Server | | | Unknown | [link](https://www.mmmgroup.com/en/news/cybersecurity-vulnerability-log4shell-java-library-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | -| MobileIron | Core | All Versions | | Affected | [link](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| MobileIron | Core Connector | All Versions | | Affected | [link](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| MobileIron | Reporting Database (RDB) | All Versions | | Affected | [link](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| MobileIron | Sentry | 9.13, 9.14 | | Affected | [link](https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US) | The mitigation instructions listed in a subsequent section removes a vulnerable Java class (JNDILookUp.class) from the affected Log4J Java library and as a result removes the ability to perform the RCE attack. The workaround needs to be applied in a maintenance window. You will not be able to access the admin portal during the procedure, however, end user devices will continue to function. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | MongoDB | All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts) | | | Unknown | [link](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | MongoDB | MongoDB Atlas Search | | | Unknown | [link](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | MongoDB | MongoDB Community Edition (including Community Server, Cloud Manager, Community Kubernetes Operators) | | | Unknown | [link](https://www.mongodb.com/blog/post/log4shell-vulnerability-cve-2021-44228-and-mongodb) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 286186c..f1a4797 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -59189,143 +59189,6 @@ software: references: - '' last_updated: '2022-01-05T00:00:00' - - vendor: MobileIron - product: Core - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - All Versions - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US - notes: The mitigation instructions listed in a subsequent section removes a vulnerable - Java class (JNDILookUp.class) from the affected Log4J Java library and as a - result removes the ability to perform the RCE attack. The workaround needs - to be applied in a maintenance window. You will not be able to access the admin - portal during the procedure, however, end user devices will continue to function. - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: MobileIron - product: Core Connector - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - All Versions - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US - notes: The mitigation instructions listed in a subsequent section removes a vulnerable - Java class (JNDILookUp.class) from the affected Log4J Java library and as a - result removes the ability to perform the RCE attack. The workaround needs - to be applied in a maintenance window. You will not be able to access the admin - portal during the procedure, however, end user devices will continue to function. - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: MobileIron - product: Reporting Database (RDB) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - All Versions - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US - notes: The mitigation instructions listed in a subsequent section removes a vulnerable - Java class (JNDILookUp.class) from the affected Log4J Java library and as a - result removes the ability to perform the RCE attack. The workaround needs - to be applied in a maintenance window. You will not be able to access the admin - portal during the procedure, however, end user devices will continue to function. - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: MobileIron - product: Sentry - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - '9.13' - - '9.14' - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/Security-Bulletin-CVE-2021-44228-Remote-code-injection-in-Log4j?language=en_US - notes: The mitigation instructions listed in a subsequent section removes a vulnerable - Java class (JNDILookUp.class) from the affected Log4J Java library and as a - result removes the ability to perform the RCE attack. The workaround needs - to be applied in a maintenance window. You will not be able to access the admin - portal during the procedure, however, end user devices will continue to function. - references: - - '' - last_updated: '2021-12-20T00:00:00' - vendor: MongoDB product: All other components of MongoDB Atlas (including Atlas Database, Data Lake, Charts) From d05720c1609f2db6dea3bffc750098ef765d6323 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Wed, 19 Jan 2022 15:11:21 +0000 Subject: [PATCH 006/268] Update the software list --- SOFTWARE-LIST.md | 67 ++ data/cisagov.yml | 2067 +++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 2107 insertions(+), 27 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 26429b6..de017d6 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -1772,11 +1772,78 @@ NOTE: This file is automatically generated. To submit updates, please refer to | iRedMail | | | | Unknown | [link](https://forum.iredmail.org/topic18605-log4j-cve202144228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Ironnet | | | | Unknown | [link](https://www.ironnet.com/blog/ironnet-security-notifications-related-to-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ISLONLINE | | | | Unknown | [link](https://blog.islonline.com/2021/12/13/isl-online-is-not-affected-by-log4shell-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ivanti | Application Control for Linux | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Application Control for Windows | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Automation | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | | Ivanti | Avalanche | 6.2.2, 6.3.0 to 6.3.3 | | Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Avalanche Remote Control | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | CETerm (Naurtech) | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Cherwell Asset Management (CAM) | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Cherwell Service Management (CSM) | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Connect Pro | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | ConnectPro (Termproxy) | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Credential mgr (PivD Manager) | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Discovery Classic | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | DSM | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Environment Manager | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | GoldMine | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | HEAT Classic | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | IIRIS (Neurons for IIOT) | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Incapptic Connect | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Insight | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | ITSM 6/7 | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Asset Lifecycle Management | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Device Application Control | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Endpoint Manager | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Endpoint Security | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Environment Manager | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti EPM - Cloud Service Appliance | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | | Ivanti | Ivanti File Director | 2019.1.*, 2020.1.*, 2020.3.*, 2021.1.*, 4.4.* | 2021.3 HF2, 2021.1 HF1, 2020.3 HF2 | Fixed | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Identity Director | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti License Optimizer (ILO) | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Management Center | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Neurons Platform | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Performance Manager | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Security Controls (Patch ISec) | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | See More INFO for Ivanti Security Controls (Patch ISec) in the Advisory Page | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Service Desk | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | Not Affected. Java is no longer required since version 2018.3U3 Customers on older versions can uninstall JRE on their ISD Servers for mitigation. This will disable indexing of Attachments and Documents for full-text search. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Service Manager | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Service Manager for Neurons (Cloud) | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Voice | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Ivanti Workspace Control | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | MI Appconnect | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | MI Email+ | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | MI Go Client | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | MI MobileAtWork | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | MI Security Productivity Apps | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Mi Tunnel App | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | MobileIron Access ZSO | All | | Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | Mitigated. No Impact | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | MobileIron BYOD Portal | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | MobileIron Cloud | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | MobileIron Cloud Connector | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | | Ivanti | MobileIron Core | All | | Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | See Advisory details for mitigation instructions for MobileIron Core. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | | Ivanti | MobileIron Core Connector | All | | Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | See Advisory details for mitigation instructions for MobileIron Core Connector. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | | Ivanti | MobileIron Sentry (Core/Cloud) | 9.13, 9.14 | | Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | See Advisory details for mitigation instructions for MobileIron Sentry. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Patch MEM (Microsoft Endpoint Manager) | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Patch OEM APIs | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Performance Manager | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Pulse Connect Secure | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Pulse Desktop Client | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Pulse Mobile Client | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Pulse One | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Pulse Policy Secure | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Pulse Services Director | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Pulse Virtual Traffic Manager | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Pulse Web Application Firewall | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Pulse ZTA | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Risksense Threat and Vulnerability Management | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | SpeakEasy (add-on to Velocity) | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | SpeakEasy (WinCE) | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Terminal Emulation and Industrial Browser | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Velocity | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | VelocityCE | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Virtual Desktop Extender | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Wavelink License Server | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | +| Ivanti | Xtraction | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | | Jamasoftware | | | | Unknown | [link](https://community.jamasoftware.com/communities/community-home/digestviewer/viewthread?MessageKey=06d26f9c-2abe-4c10-93d4-c0f6c8a01b22&CommunityKey=c9d20d4c-5bb6-4f19-92eb-e7cee0942d51&tab=digestviewer#bm06d26f9c-2abe-4c10-93d4-c0f6c8a01b22) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Jamf | Jamf Pro | 10.31.0 – 10.34.0 | | Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Janitza | GridVis | | | Not Affected | [link](https://www.janitza.com/us/gridvis-download.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | diff --git a/data/cisagov.yml b/data/cisagov.yml index f1a4797..62174da 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -51745,11 +51745,101 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Ivanti + product: Application Control for Linux + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Application Control for Windows + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Automation + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' - vendor: Ivanti product: Avalanche cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -51777,26 +51867,49 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Ivanti File Director + product: Avalanche Remote Control cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2019.1.* - - 2020.1.* - - 2020.3.* - - 2021.1.* - - 4.4.* - fixed_versions: - - 2021.3 HF2 - - 2021.1 HF1 - - 2020.3 HF2 + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: CETerm (Naurtech) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -51814,19 +51927,49 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: MobileIron Core + product: Cherwell Asset Management (CAM) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: [] + unaffected_versions: - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Cherwell Service Management (CSM) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -51839,24 +51982,54 @@ software: unaffected_versions: [] vendor_links: - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See Advisory details for mitigation instructions for MobileIron Core. + notes: '' references: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: MobileIron Core Connector + product: Connect Pro cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: [] + unaffected_versions: - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: ConnectPro (Termproxy) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -51869,25 +52042,54 @@ software: unaffected_versions: [] vendor_links: - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See Advisory details for mitigation instructions for MobileIron Core Connector. + notes: '' references: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: MobileIron Sentry (Core/Cloud) + product: Credential mgr (PivD Manager) cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '9.13' - - '9.14' + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Discovery Classic + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -51900,7 +52102,1818 @@ software: unaffected_versions: [] vendor_links: - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See Advisory details for mitigation instructions for MobileIron Sentry. + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: DSM + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Environment Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: GoldMine + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: HEAT Classic + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: IIRIS (Neurons for IIOT) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Incapptic Connect + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Insight + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: ITSM 6/7 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Asset Lifecycle Management + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Device Application Control + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Endpoint Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Endpoint Security + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Environment Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti EPM - Cloud Service Appliance + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti File Director + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2019.1.* + - 2020.1.* + - 2020.3.* + - 2021.1.* + - 4.4.* + fixed_versions: + - 2021.3 HF2 + - 2021.1 HF1 + - 2020.3 HF2 + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Identity Director + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti License Optimizer (ILO) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Management Center + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Neurons Platform + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Performance Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Security Controls (Patch ISec) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See More INFO for Ivanti Security Controls (Patch ISec) in the Advisory + Page + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Service Desk + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: Not Affected. Java is no longer required since version 2018.3U3 Customers + on older versions can uninstall JRE on their ISD Servers for mitigation. This + will disable indexing of Attachments and Documents for full-text search. + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Service Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Service Manager for Neurons (Cloud) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Voice + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti Workspace Control + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Appconnect + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Email+ + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Go Client + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI MobileAtWork + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MI Security Productivity Apps + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Mi Tunnel App + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Access ZSO + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: Mitigated. No Impact + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron BYOD Portal + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Cloud + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Cloud Connector + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Core + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Core. + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Core Connector + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Core Connector. + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Sentry (Core/Cloud) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '9.13' + - '9.14' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Sentry. + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Patch MEM (Microsoft Endpoint Manager) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Patch OEM APIs + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Performance Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Connect Secure + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Desktop Client + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Mobile Client + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse One + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Policy Secure + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Services Director + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Virtual Traffic Manager + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse Web Application Firewall + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Pulse ZTA + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Risksense Threat and Vulnerability Management + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: SpeakEasy (add-on to Velocity) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: SpeakEasy (WinCE) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Terminal Emulation and Industrial Browser + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Velocity + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: VelocityCE + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Virtual Desktop Extender + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Wavelink License Server + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Xtraction + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' references: - '' last_updated: '2022-01-18T00:00:00' From b7f20d4d5bf54e0a52159e8d15c3bde394f5d104 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 19 Jan 2022 11:19:16 -0500 Subject: [PATCH 007/268] Update cisagov_M.yml Update Micro Focus Data Protector --- data/cisagov_M.yml | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/data/cisagov_M.yml b/data/cisagov_M.yml index 5e33f8f..d804cd6 100644 --- a/data/cisagov_M.yml +++ b/data/cisagov_M.yml @@ -1649,8 +1649,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: MicroFocus - product: '' + - vendor: Micro Focus + product: Data Protector cves: cve-2021-4104: investigated: false @@ -1660,7 +1660,17 @@ software: cve-2021-44228: investigated: false affected_versions: [] - fixed_versions: [] + fixed_versions: + - '10.20' + - '10.30' + - '10.40' + - '10.50' + - '10.60' + - '10.70' + - '10.80' + - '10.90' + - '10.91' + - '11.00' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1673,11 +1683,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.microfocus.com/s/customportalsearch?language=en_US&searchtext=CVE-2021-44228 + - https://portal.microfocus.com/s/article/KM000003052?language=en_US notes: '' references: - - '' - last_updated: '2022-01-12T07:18:54+00:00' + - https://portal.microfocus.com/s/article/KM000003050 + last_updated: '2021-12-13T07:18:54+00:00' - vendor: Microsoft product: Azure Application Gateway cves: @@ -1747,7 +1757,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 2.3.10 + - '<2.3.10' fixed_versions: [] unaffected_versions: [] cve-2021-45046: From abae007da693b3ed1d5efde340dcbbe6a8b0fb35 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 19 Jan 2022 11:28:15 -0500 Subject: [PATCH 008/268] Update cisagov_H.yml Update HPE/Micro Focus Data Protector --- data/cisagov_H.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/data/cisagov_H.yml b/data/cisagov_H.yml index ec3baf7..ba100c0 100644 --- a/data/cisagov_H.yml +++ b/data/cisagov_H.yml @@ -5400,6 +5400,36 @@ software: references: - '' last_updated: '2021-12-12T00:00:00' + - vendor: HPE/Micro Focus + product: Data Protector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: + - '9.09' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://portal.microfocus.com/s/article/KM000003243 + notes: '' + references: + - https://portal.microfocus.com/s/article/KM000003243 + last_updated: '2021-12-17T00:00:00' - vendor: HOLOGIC product: Advanced Workflow Manager (AWM) cves: From 1d5a7753f69fac331b0056b250b5518b5af98661 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 19 Jan 2022 11:50:23 -0500 Subject: [PATCH 009/268] Revert "Update Micro Focus, Issue #421 and Issue #422" --- data/cisagov_H.yml | 30 ------------------------------ data/cisagov_M.yml | 24 +++++++----------------- 2 files changed, 7 insertions(+), 47 deletions(-) diff --git a/data/cisagov_H.yml b/data/cisagov_H.yml index ba100c0..ec3baf7 100644 --- a/data/cisagov_H.yml +++ b/data/cisagov_H.yml @@ -5400,36 +5400,6 @@ software: references: - '' last_updated: '2021-12-12T00:00:00' - - vendor: HPE/Micro Focus - product: Data Protector - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: - - '9.09' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://portal.microfocus.com/s/article/KM000003243 - notes: '' - references: - - https://portal.microfocus.com/s/article/KM000003243 - last_updated: '2021-12-17T00:00:00' - vendor: HOLOGIC product: Advanced Workflow Manager (AWM) cves: diff --git a/data/cisagov_M.yml b/data/cisagov_M.yml index d804cd6..5e33f8f 100644 --- a/data/cisagov_M.yml +++ b/data/cisagov_M.yml @@ -1649,8 +1649,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Micro Focus - product: Data Protector + - vendor: MicroFocus + product: '' cves: cve-2021-4104: investigated: false @@ -1660,17 +1660,7 @@ software: cve-2021-44228: investigated: false affected_versions: [] - fixed_versions: - - '10.20' - - '10.30' - - '10.40' - - '10.50' - - '10.60' - - '10.70' - - '10.80' - - '10.90' - - '10.91' - - '11.00' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1683,11 +1673,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.microfocus.com/s/article/KM000003052?language=en_US + - https://portal.microfocus.com/s/customportalsearch?language=en_US&searchtext=CVE-2021-44228 notes: '' references: - - https://portal.microfocus.com/s/article/KM000003050 - last_updated: '2021-12-13T07:18:54+00:00' + - '' + last_updated: '2022-01-12T07:18:54+00:00' - vendor: Microsoft product: Azure Application Gateway cves: @@ -1757,7 +1747,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '<2.3.10' + - < 2.3.10 fixed_versions: [] unaffected_versions: [] cve-2021-45046: From 6c59992c1deb3ec49ef8d2060fc81966c33522c2 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 19 Jan 2022 12:15:09 -0500 Subject: [PATCH 010/268] Update cisagov_H.yml Updated versions with quotes --- data/cisagov_H.yml | 83 +++++++++++++++++++++++----------------------- 1 file changed, 41 insertions(+), 42 deletions(-) diff --git a/data/cisagov_H.yml b/data/cisagov_H.yml index ec3baf7..07d96e9 100644 --- a/data/cisagov_H.yml +++ b/data/cisagov_H.yml @@ -423,7 +423,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -453,7 +453,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -483,7 +483,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -512,7 +512,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - < 10.0.7 + - '< 10.0.7' unaffected_versions: [] cve-2021-45046: investigated: false @@ -543,7 +543,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -573,7 +573,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -603,7 +603,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -661,9 +661,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - 1.21.7 - 1.22.9 - - 2.0.3 - 2.1.5 - - 2.2.0 - 3.0.2 + - '1.21.7-1.22.9' + - '2.0.3-2.1.5' + - '2.2.0-3.0.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -751,7 +751,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Elasticsearch 5.0.0+ + - 'Elasticsearch 5.0.0+' unaffected_versions: [] cve-2021-45046: investigated: false @@ -813,7 +813,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - v6 + - 'v6' unaffected_versions: [] cve-2021-45046: investigated: false @@ -904,10 +904,10 @@ software: investigated: true affected_versions: [] fixed_versions: - - R15A - - R14B - - R14A - - R11B SP1 + - 'R15A' + - 'R14B' + - 'R14A' + - 'R11B SP1' unaffected_versions: [] cve-2021-45046: investigated: false @@ -921,10 +921,9 @@ software: unaffected_versions: [] vendor_links: - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: A patch is available for releases R15A, R14B, R14A and R11B SP1. . For - details on how to apply such patch, please refer to the technical bulletin “FOXMAN-UN - - Installation of Log4j Patch”, version A (1KHW029176) available in the Hitachi - Energy Customer Connect Portal. + notes: A patch is available for releases R15A, R14B, R14A and R11B SP1. . For details on how to apply such patch, + please refer to the technical bulletin “FOXMAN-UN Installation of Log4j Patch”, version A (1KHW029176) + available in the Hitachi Energy Customer Connect Portal. references: - '' last_updated: '2022-01-05T00:00:00' @@ -940,7 +939,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - R11A and R10 series + - 'R11A and R10 series' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1030,9 +1029,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - v1.7.x - - v1.8.x - - v1.9.x + - 'v1.7.x' + - 'v1.8.x' + - 'v1.9.x' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1091,9 +1090,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - 9.0 - 9.10.44 - - 9.1.1 - - 10.3.4 + - '9.0-9.10.44' + - '9.1.1' + - '10.3.4' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1123,7 +1122,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 9.1.0.32 - 9.1.0.44 + - '9.1.0.32-9.1.0.44' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1155,7 +1154,7 @@ software: fixed_versions: - '12.1' - '12.2' - - 19c + - '19c' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1187,8 +1186,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - 3.7.15 - - 3.7.16 + - '3.7.15' + - '3.7.16' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1218,7 +1217,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 2.0.0 + - '2.0.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1249,10 +1248,10 @@ software: investigated: true affected_versions: [] fixed_versions: - - R15A - - R14B - - R14A - - R11B SP1 + - 'R15A' + - 'R14B' + - 'R14A' + - 'R11B SP1' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1285,7 +1284,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - R11A and R10 series + - 'R11A and R10 series' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1519,7 +1518,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - < v113 + - '< v113' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1549,7 +1548,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - < 1.0.6 + - '< 1.0.6' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1579,7 +1578,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - < 21.10.3 + - '< 21.10.3' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1609,8 +1608,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - < 21.03.6 - - < 20.07.4 + - '< 21.03.6' + - '< 20.07.4' unaffected_versions: [] cve-2021-45046: investigated: false From 91e32617995dba68f61ff294f1e9d23e559ab400 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 19 Jan 2022 12:21:56 -0500 Subject: [PATCH 011/268] Update cisagov_H.yml Fix trailing whitespace --- data/cisagov_H.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/cisagov_H.yml b/data/cisagov_H.yml index 07d96e9..9138702 100644 --- a/data/cisagov_H.yml +++ b/data/cisagov_H.yml @@ -921,8 +921,8 @@ software: unaffected_versions: [] vendor_links: - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: A patch is available for releases R15A, R14B, R14A and R11B SP1. . For details on how to apply such patch, - please refer to the technical bulletin “FOXMAN-UN Installation of Log4j Patch”, version A (1KHW029176) + notes: A patch is available for releases R15A, R14B, R14A and R11B SP1. . For details on how to apply such patch, + please refer to the technical bulletin “FOXMAN-UN Installation of Log4j Patch”, version A (1KHW029176) available in the Hitachi Energy Customer Connect Portal. references: - '' From 712b6f12dac15838f79f4faf814855d20ebecc0d Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 19 Jan 2022 12:26:38 -0500 Subject: [PATCH 012/268] Update cisagov_H.yml Add HPE/Micro Focus Data Protector --- data/cisagov_H.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/data/cisagov_H.yml b/data/cisagov_H.yml index 9138702..f7a33fe 100644 --- a/data/cisagov_H.yml +++ b/data/cisagov_H.yml @@ -5399,6 +5399,36 @@ software: references: - '' last_updated: '2021-12-12T00:00:00' + - vendor: HPE/Micro Focus + product: Data Protector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: + - '9.09' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://portal.microfocus.com/s/article/KM000003243 + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - https://portal.microfocus.com/s/article/KM000003050 + last_updated: '2021-12-17T00:00:00' - vendor: HOLOGIC product: Advanced Workflow Manager (AWM) cves: From 0c9b7f1de64be9c75a3ae379baaf764c50f3e933 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 19 Jan 2022 12:37:40 -0500 Subject: [PATCH 013/268] Update cisagov_M.yml Update versions with quotes --- data/cisagov_M.yml | 50 +++++++++++++++++++++++----------------------- 1 file changed, 25 insertions(+), 25 deletions(-) diff --git a/data/cisagov_M.yml b/data/cisagov_M.yml index 5e33f8f..a2f5906 100644 --- a/data/cisagov_M.yml +++ b/data/cisagov_M.yml @@ -73,7 +73,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 11305 and below + - '< 11305' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -105,7 +105,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Build 6.1 build 6114 + - 'Build 6.1 build 6114' cve-2021-45046: investigated: false affected_versions: [] @@ -161,7 +161,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - On-Prem + - 'On-Prem' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -191,7 +191,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - On-Prem + - 'On-Prem' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -221,7 +221,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - On-Prem + - 'On-Prem' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -251,7 +251,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - On-Prem + - 'On-Prem' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -281,7 +281,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - On-Prem + - 'On-Prem' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -311,7 +311,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - On-Prem + - 'On-Prem' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -341,7 +341,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - On-Prem + - 'On-Prem' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -371,7 +371,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - On-Prem + - 'On-Prem' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -401,7 +401,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - On-Prem + - 'On-Prem' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -431,7 +431,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - On-Prem + - 'On-Prem' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -461,7 +461,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - On-Prem + - 'On-Prem' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -491,7 +491,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - On-Prem + - 'On-Prem' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -610,7 +610,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 1.59.10+ + - '1.59.10+' unaffected_versions: [] cve-2021-45046: investigated: false @@ -950,7 +950,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 5.10 CU11 + - '5.10 CU11' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1344,7 +1344,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 11.5.3 + - '11.5.3' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1747,7 +1747,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 2.3.10 + - '< 2.3.10' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1777,7 +1777,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 2.3.10 + - '< 2.3.10' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1807,7 +1807,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 2019.0 - 2020.1 + - '2019.0 - 2020.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1895,7 +1895,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 2018.2+ + - '2018.2+' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2568,8 +2568,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - 3.x - - 4.x + - '3.x' + - '4.x' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2600,7 +2600,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 6.x + - '6.x' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2661,7 +2661,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 7.x + - '7.x' fixed_versions: [] unaffected_versions: [] cve-2021-45046: From e18b1af8b97479c25d56e20e5b346fd06d90f4e6 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 19 Jan 2022 12:41:06 -0500 Subject: [PATCH 014/268] Update cisagov_M.yml remove obsolete microfocus entry --- data/cisagov_M.yml | 29 ----------------------------- 1 file changed, 29 deletions(-) diff --git a/data/cisagov_M.yml b/data/cisagov_M.yml index a2f5906..f986f04 100644 --- a/data/cisagov_M.yml +++ b/data/cisagov_M.yml @@ -1649,35 +1649,6 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: MicroFocus - product: '' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://portal.microfocus.com/s/customportalsearch?language=en_US&searchtext=CVE-2021-44228 - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:54+00:00' - vendor: Microsoft product: Azure Application Gateway cves: From c340a009e9446fe180b540ad585934b066737042 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 19 Jan 2022 12:45:30 -0500 Subject: [PATCH 015/268] Update cisagov_M.yml Update Micro Focus entry --- data/cisagov_M.yml | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/data/cisagov_M.yml b/data/cisagov_M.yml index f986f04..7b7ddf6 100644 --- a/data/cisagov_M.yml +++ b/data/cisagov_M.yml @@ -1914,6 +1914,45 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Micro Focus + product: Data Protector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '10.20' + - '10.30' + - '10.40' + - '10.50' + - '10.60' + - '10.70' + - '10.80' + - '10.90' + - '10.91' + - '11.00' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://portal.microfocus.com/s/article/KM000003052 + notes: '' + references: + - https://portal.microfocus.com/s/article/KM000003050 + last_updated: '2021-12-13T00:00:00' - vendor: Midori Global product: '' cves: From 253424a8105acfdc3284acb971039ff7ee8d8a9d Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 19 Jan 2022 12:48:05 -0500 Subject: [PATCH 016/268] Update cisagov_H.yml Update Micro Focus Entry --- data/cisagov_H.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_H.yml b/data/cisagov_H.yml index f7a33fe..c2ac23c 100644 --- a/data/cisagov_H.yml +++ b/data/cisagov_H.yml @@ -5408,7 +5408,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: - '9.09' From cd80419c60fcc029808e8fff864a44b8ac611239 Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Wed, 19 Jan 2022 10:54:39 -0700 Subject: [PATCH 017/268] Update cisagov_I.yml Updated Inductive Automation Ignition product. --- data/cisagov_I.yml | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/data/cisagov_I.yml b/data/cisagov_I.yml index 774ab9a..8c9c197 100644 --- a/data/cisagov_I.yml +++ b/data/cisagov_I.yml @@ -6216,7 +6216,7 @@ software: - '' last_updated: '2022-01-12T07:18:53+00:00' - vendor: Inductive Automation - product: '' + product: Ignition cves: cve-2021-4104: investigated: false @@ -6224,10 +6224,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -6240,10 +6241,10 @@ software: unaffected_versions: [] vendor_links: - https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day - notes: '' + notes: Older versions of Ignition (7.8 and older) did use the Log4j library, but they used an older version (1.2) that was not affected by this vulnerability. references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-19T00:00:00' - vendor: IndustrialDefender product: '' cves: From 15e49c793562d66afd9a55f9118831ee3709fefc Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 19 Jan 2022 12:57:26 -0500 Subject: [PATCH 018/268] Revert "Add Micro Focus products, Issue #421 & #422" --- data/cisagov_H.yml | 113 ++++++++++++++++--------------------------- data/cisagov_M.yml | 118 +++++++++++++++++++++------------------------ 2 files changed, 96 insertions(+), 135 deletions(-) diff --git a/data/cisagov_H.yml b/data/cisagov_H.yml index c2ac23c..ec3baf7 100644 --- a/data/cisagov_H.yml +++ b/data/cisagov_H.yml @@ -423,7 +423,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -453,7 +453,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -483,7 +483,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -512,7 +512,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 10.0.7' + - < 10.0.7 unaffected_versions: [] cve-2021-45046: investigated: false @@ -543,7 +543,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -573,7 +573,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -603,7 +603,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -661,9 +661,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.21.7-1.22.9' - - '2.0.3-2.1.5' - - '2.2.0-3.0.2' + - 1.21.7 - 1.22.9 + - 2.0.3 - 2.1.5 + - 2.2.0 - 3.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -751,7 +751,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'Elasticsearch 5.0.0+' + - Elasticsearch 5.0.0+ unaffected_versions: [] cve-2021-45046: investigated: false @@ -813,7 +813,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'v6' + - v6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -904,10 +904,10 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'R15A' - - 'R14B' - - 'R14A' - - 'R11B SP1' + - R15A + - R14B + - R14A + - R11B SP1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -921,9 +921,10 @@ software: unaffected_versions: [] vendor_links: - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: A patch is available for releases R15A, R14B, R14A and R11B SP1. . For details on how to apply such patch, - please refer to the technical bulletin “FOXMAN-UN Installation of Log4j Patch”, version A (1KHW029176) - available in the Hitachi Energy Customer Connect Portal. + notes: A patch is available for releases R15A, R14B, R14A and R11B SP1. . For + details on how to apply such patch, please refer to the technical bulletin “FOXMAN-UN + - Installation of Log4j Patch”, version A (1KHW029176) available in the Hitachi + Energy Customer Connect Portal. references: - '' last_updated: '2022-01-05T00:00:00' @@ -939,7 +940,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'R11A and R10 series' + - R11A and R10 series unaffected_versions: [] cve-2021-45046: investigated: false @@ -1029,9 +1030,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'v1.7.x' - - 'v1.8.x' - - 'v1.9.x' + - v1.7.x + - v1.8.x + - v1.9.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -1090,9 +1091,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - '9.0-9.10.44' - - '9.1.1' - - '10.3.4' + - 9.0 - 9.10.44 + - 9.1.1 + - 10.3.4 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1122,7 +1123,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '9.1.0.32-9.1.0.44' + - 9.1.0.32 - 9.1.0.44 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1154,7 +1155,7 @@ software: fixed_versions: - '12.1' - '12.2' - - '19c' + - 19c unaffected_versions: [] cve-2021-45046: investigated: false @@ -1186,8 +1187,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - '3.7.15' - - '3.7.16' + - 3.7.15 + - 3.7.16 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1217,7 +1218,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '2.0.0' + - 2.0.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1248,10 +1249,10 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'R15A' - - 'R14B' - - 'R14A' - - 'R11B SP1' + - R15A + - R14B + - R14A + - R11B SP1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1284,7 +1285,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'R11A and R10 series' + - R11A and R10 series unaffected_versions: [] cve-2021-45046: investigated: false @@ -1518,7 +1519,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< v113' + - < v113 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1548,7 +1549,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 1.0.6' + - < 1.0.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1578,7 +1579,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 21.10.3' + - < 21.10.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1608,8 +1609,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 21.03.6' - - '< 20.07.4' + - < 21.03.6 + - < 20.07.4 unaffected_versions: [] cve-2021-45046: investigated: false @@ -5399,36 +5400,6 @@ software: references: - '' last_updated: '2021-12-12T00:00:00' - - vendor: HPE/Micro Focus - product: Data Protector - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '9.09' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://portal.microfocus.com/s/article/KM000003243 - notes: 'Support Communication Cross Reference ID: SIK7387' - references: - - https://portal.microfocus.com/s/article/KM000003050 - last_updated: '2021-12-17T00:00:00' - vendor: HOLOGIC product: Advanced Workflow Manager (AWM) cves: diff --git a/data/cisagov_M.yml b/data/cisagov_M.yml index 7b7ddf6..5e33f8f 100644 --- a/data/cisagov_M.yml +++ b/data/cisagov_M.yml @@ -73,7 +73,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '< 11305' + - 11305 and below fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -105,7 +105,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'Build 6.1 build 6114' + - Build 6.1 build 6114 cve-2021-45046: investigated: false affected_versions: [] @@ -161,7 +161,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - 'On-Prem' + - On-Prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -191,7 +191,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - 'On-Prem' + - On-Prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -221,7 +221,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - 'On-Prem' + - On-Prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -251,7 +251,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - 'On-Prem' + - On-Prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -281,7 +281,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - 'On-Prem' + - On-Prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -311,7 +311,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - 'On-Prem' + - On-Prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -341,7 +341,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - 'On-Prem' + - On-Prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -371,7 +371,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - 'On-Prem' + - On-Prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -401,7 +401,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - 'On-Prem' + - On-Prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -431,7 +431,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - 'On-Prem' + - On-Prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -461,7 +461,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - 'On-Prem' + - On-Prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -491,7 +491,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - 'On-Prem' + - On-Prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -610,7 +610,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.59.10+' + - 1.59.10+ unaffected_versions: [] cve-2021-45046: investigated: false @@ -950,7 +950,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '5.10 CU11' + - 5.10 CU11 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1344,7 +1344,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '11.5.3' + - 11.5.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1649,6 +1649,35 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' + - vendor: MicroFocus + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://portal.microfocus.com/s/customportalsearch?language=en_US&searchtext=CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:54+00:00' - vendor: Microsoft product: Azure Application Gateway cves: @@ -1718,7 +1747,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '< 2.3.10' + - < 2.3.10 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1748,7 +1777,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '< 2.3.10' + - < 2.3.10 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1778,7 +1807,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '2019.0 - 2020.1' + - 2019.0 - 2020.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1866,7 +1895,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '2018.2+' + - 2018.2+ fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1914,45 +1943,6 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Micro Focus - product: Data Protector - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '10.20' - - '10.30' - - '10.40' - - '10.50' - - '10.60' - - '10.70' - - '10.80' - - '10.90' - - '10.91' - - '11.00' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://portal.microfocus.com/s/article/KM000003052 - notes: '' - references: - - https://portal.microfocus.com/s/article/KM000003050 - last_updated: '2021-12-13T00:00:00' - vendor: Midori Global product: '' cves: @@ -2578,8 +2568,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - '3.x' - - '4.x' + - 3.x + - 4.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2610,7 +2600,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '6.x' + - 6.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2671,7 +2661,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '7.x' + - 7.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: From 6aa19e8d58fb8a9e5a91d79c4d879ae0ab80e124 Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Wed, 19 Jan 2022 10:58:12 -0700 Subject: [PATCH 019/268] Update cisagov_M.yml Added Moxa Vendor information --- data/cisagov_M.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/data/cisagov_M.yml b/data/cisagov_M.yml index 5e33f8f..9c2423a 100644 --- a/data/cisagov_M.yml +++ b/data/cisagov_M.yml @@ -2527,6 +2527,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Moxa + product: '' + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.moxa.com/en/support/product-support/security-advisory/moxa-s-response-regarding-the-apache-log4j-vulnerability + notes: Moxa is investigating to determine if any of our products are affected by this vulnerability. At the time of publication, none of Moxa's products are affected. + references: + - '' + last_updated: '2022-01-19T00:00:00' - vendor: Mulesoft product: '' cves: From 36445fc3e7c04707fa4d3d0e51c6d0d4c64d4d02 Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Wed, 19 Jan 2022 11:01:15 -0700 Subject: [PATCH 020/268] Update cisagov_T.yml Added Tridium vendor --- data/cisagov_T.yml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/data/cisagov_T.yml b/data/cisagov_T.yml index 188d8dc..ff7a99e 100644 --- a/data/cisagov_T.yml +++ b/data/cisagov_T.yml @@ -2927,6 +2927,35 @@ software: references: - '' last_updated: '2022-01-12T07:18:56+00:00' + - vendor: Tridium + product: '' + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.niagara-community.com/bundle/TechBulletin2021/resource/Dec_13_2021_NiagaraNotExposed_Apache_log4j.pdf + notes: Document access requires authentication. CISA is not able to validate vulnerability status. + references: + - '' + last_updated: '2022-01-19T00:00:00' - vendor: Tripp Lite product: LX Platform devices (includes WEBCARDLX, WEBCARDLXMINI, SRCOOLNETLX, SRCOOLNET2LX and devices with pre-installed or embedded WEBCARDLX interfaces) From 2513388f7aefdaa08661fed4f02ec30a768ffbeb Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Wed, 19 Jan 2022 11:03:31 -0700 Subject: [PATCH 021/268] Update cisagov_V.yml Added Video Insight vendor --- data/cisagov_V.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/data/cisagov_V.yml b/data/cisagov_V.yml index 5a6257a..4d2e58d 100644 --- a/data/cisagov_V.yml +++ b/data/cisagov_V.yml @@ -1408,6 +1408,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:56+00:00' + - vendor: Video Insight Inc. + product: Video Insight + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://i-pro.com/eu/en/surveillance/news/i-pro-products-and-log4j-2x-vulnerability + notes: Video Insight is a part of Panasonic I-Pro. + references: + - '' + last_updated: '2022-01-19T00:00:00' - vendor: Viso Trust product: '' cves: From e3e8cef63f7f93248ed0b23587753abb3ccc3c1f Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Wed, 19 Jan 2022 18:12:46 +0000 Subject: [PATCH 022/268] Update the software list --- SOFTWARE-LIST.md | 5 ++- data/cisagov.yml | 104 ++++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 103 insertions(+), 6 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index de017d6..2c26ea4 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -1746,7 +1746,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Illumio | VEN | | | Unknown | [link](https://support.illumio.com/knowledge-base/articles/Customer-Security-Advisory-on-log4j-RCE-CVE-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | IManage | | | | Unknown | [link](https://help.imanage.com/hc/en-us/articles/4412696236699-ADVISORY-Security-vulnerability-CVE-2021-44228-in-third-party-component-Apache-Log4j2#h_3164fa6c-4717-4aa1-b2dc-d14d4112595e) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Imperva | | | | Unknown | [link](https://www.imperva.com/blog/how-were-protecting-customers-staying-ahead-of-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Inductive Automation | | | | Unknown | [link](https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Inductive Automation | Ignition | | | Not Affected | [link](https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day) | Older versions of Ignition (7.8 and older) did use the Log4j library, but they used an older version (1.2) that was not affected by this vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-19 | | IndustrialDefender | | | | Unknown | [link](https://www.industrialdefender.com/cve-2021-44228-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | infinidat | | | | Unknown | [link](https://support.infinidat.com/hc/en-us/articles/4413483145489-INFINIDAT-Support-Announcement-2021-010-Log4Shell-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | InfluxData | | | | Unknown | [link](https://www.influxdata.com/blog/apache-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -2103,6 +2103,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Moodle | | | | Unknown | [link](https://moodle.org/mod/forum/discuss.php?d=429966) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | MoogSoft | | | | Unknown | [link](https://servicedesk.moogsoft.com/hc/en-us/articles/4412463233811?input_string=log4j+vulnerability+%7C%7C+cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Motorola Avigilon | | | | Unknown | [link](https://support.avigilon.com/s/article/Technical-Notification-Apache-Log4j2-vulnerability-impact-on-Avigilon-products-CVE-2021-44228?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Moxa | | | | Not Affected | [link](https://www.moxa.com/en/support/product-support/security-advisory/moxa-s-response-regarding-the-apache-log4j-vulnerability) | Moxa is investigating to determine if any of our products are affected by this vulnerability. At the time of publication, none of Moxa's products are affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-19 | | Mulesoft | | | | Unknown | [link](https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Mulesoft | Anypoint Studio | 7.x | | Affected | [link](https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) | This advisory is available to account holders only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Mulesoft | Cloudhub | | | Unknown | [link](https://help.mulesoft.com/s/article/Apache-Log4j2-vulnerability-December-2021) | This advisory is available to account holders only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | @@ -2631,6 +2632,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | TPLink | Omega Controller | Linux/Windows(all) | | Affected | [link](https://www.tp-link.com/us/support/faq/3255) | Update is Beta. Reddit: overwritten vulnerable log4j with 2.15 files as potential workaround. Though that should now be done with 2.16 | [Tp Community Link](https://community.tp-link.com/en/business/forum/topic/514452),[Reddit Link](https://www.reddit.com/r/TPLink_Omada/comments/rdzvlp/updating_the_sdn_to_protect_against_the_log4j) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | TrendMicro | All | | | Unknown | [link](https://success.trendmicro.com/solution/000289940) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Tricentis Tosca | | | | Unknown | [link](https://support-hub.tricentis.com/open?number=NEW0001148&id=post) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Tridium | | | | Unknown | [link](https://docs.niagara-community.com/bundle/TechBulletin2021/resource/Dec_13_2021_NiagaraNotExposed_Apache_log4j.pdf) | Document access requires authentication. CISA is not able to validate vulnerability status. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-19 | | Trimble | eCognition | 10.2.0 Build 4618 | | Affected | | Remediation steps provided by Trimble | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | | Tripp Lite | LX Platform devices (includes WEBCARDLX, WEBCARDLXMINI, SRCOOLNETLX, SRCOOLNET2LX and devices with pre-installed or embedded WEBCARDLX interfaces) | | | Unknown | [link](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-04 | | Tripp Lite | PowerAlert Local (PAL) | | | Unknown | [link](https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf) | Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-04 | @@ -2699,6 +2701,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Venafi | | | | Unknown | [link](https://support.venafi.com/hc/en-us/articles/4416213022733-Log4j-Zero-Day-Vulnerability-notice) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Veritas NetBackup | | | | Unknown | [link](https://www.veritas.com/content/support/en_US/article.100052070) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Vertica | | | | Unknown | [link](https://forum.vertica.com/discussion/242512/vertica-security-bulletin-a-potential-vulnerability-has-been-identified-apache-log4j-library-used) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Video Insight Inc. | Video Insight | | | Not Affected | [link](https://i-pro.com/eu/en/surveillance/news/i-pro-products-and-log4j-2x-vulnerability) | Video Insight is a part of Panasonic I-Pro. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-19 | | Viso Trust | | | | Unknown | [link](https://blog.visotrust.com/viso-trust-statement-re-cve-2021-44228-log4j-a4b9b5767492) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | VMware | API Portal for VMware Tanzu | 1.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | VMware | App Metrics | 2.x | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 62174da..07e73cb 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -50987,7 +50987,7 @@ software: - '' last_updated: '2022-01-12T07:18:53+00:00' - vendor: Inductive Automation - product: '' + product: Ignition cves: cve-2021-4104: investigated: false @@ -50995,10 +50995,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -51011,10 +51012,11 @@ software: unaffected_versions: [] vendor_links: - https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day - notes: '' + notes: Older versions of Ignition (7.8 and older) did use the Log4j library, but + they used an older version (1.2) that was not affected by this vulnerability. references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-19T00:00:00' - vendor: IndustrialDefender product: '' cves: @@ -61496,6 +61498,38 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Moxa + product: '' + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.moxa.com/en/support/product-support/security-advisory/moxa-s-response-regarding-the-apache-log4j-vulnerability + notes: Moxa is investigating to determine if any of our products are affected + by this vulnerability. At the time of publication, none of Moxa's products are + affected. + references: + - '' + last_updated: '2022-01-19T00:00:00' - vendor: Mulesoft product: '' cves: @@ -77172,6 +77206,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:56+00:00' + - vendor: Tridium + product: '' + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.niagara-community.com/bundle/TechBulletin2021/resource/Dec_13_2021_NiagaraNotExposed_Apache_log4j.pdf + notes: Document access requires authentication. CISA is not able to validate vulnerability + status. + references: + - '' + last_updated: '2022-01-19T00:00:00' - vendor: Trimble product: eCognition cves: @@ -79196,6 +79260,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:56+00:00' + - vendor: Video Insight Inc. + product: Video Insight + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://i-pro.com/eu/en/surveillance/news/i-pro-products-and-log4j-2x-vulnerability + notes: Video Insight is a part of Panasonic I-Pro. + references: + - '' + last_updated: '2022-01-19T00:00:00' - vendor: Viso Trust product: '' cves: From 1182f7eaa71e1b979f40cd0f021dcb73f133f7cd Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 19 Jan 2022 13:20:09 -0500 Subject: [PATCH 023/268] Update cisagov_M.yml Add Micro Focus Data Protector, delete old entry --- data/cisagov_M.yml | 68 ++++++++++++++++++++++++++-------------------- 1 file changed, 39 insertions(+), 29 deletions(-) diff --git a/data/cisagov_M.yml b/data/cisagov_M.yml index 9c2423a..5cb0cce 100644 --- a/data/cisagov_M.yml +++ b/data/cisagov_M.yml @@ -1649,35 +1649,6 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: MicroFocus - product: '' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://portal.microfocus.com/s/customportalsearch?language=en_US&searchtext=CVE-2021-44228 - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:54+00:00' - vendor: Microsoft product: Azure Application Gateway cves: @@ -1943,6 +1914,45 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Micro Focus + product: Data Protector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '10.20' + - '10.30' + - '10.40' + - '10.50' + - '10.60' + - '10.70' + - '10.80' + - '10.90' + - '10.91' + - '11.00' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://portal.microfocus.com/s/customportalsearch?language=en_US&searchtext=CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:54+00:00' - vendor: Midori Global product: '' cves: From f02508a01d8712d762fb9d8625e3ef8a3c1fe732 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 19 Jan 2022 13:22:32 -0500 Subject: [PATCH 024/268] Update cisagov_M.yml Update micro focus date and links --- data/cisagov_M.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/data/cisagov_M.yml b/data/cisagov_M.yml index 5cb0cce..6aa3f26 100644 --- a/data/cisagov_M.yml +++ b/data/cisagov_M.yml @@ -1948,11 +1948,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.microfocus.com/s/customportalsearch?language=en_US&searchtext=CVE-2021-44228 + - https://portal.microfocus.com/s/article/KM000003052 notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2021-12-13T00:00:00' - vendor: Midori Global product: '' cves: @@ -1980,7 +1980,7 @@ software: - https://www.midori-global.com/blog/2021/12/15/cve-2021-44228-log4shell-midori-apps-are-not-affected notes: '' references: - - '' + - https://portal.microfocus.com/s/article/KM000003050 last_updated: '2022-01-12T07:18:54+00:00' - vendor: Mikrotik product: '' From 93e85bb726ba8c39d84b295bd5788c718b9cd26a Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 19 Jan 2022 13:32:36 -0500 Subject: [PATCH 025/268] Revert "Add Micro Focus Data Protector, Issue # 422" --- data/cisagov_M.yml | 70 ++++++++++++++++++++-------------------------- 1 file changed, 30 insertions(+), 40 deletions(-) diff --git a/data/cisagov_M.yml b/data/cisagov_M.yml index 6aa3f26..9c2423a 100644 --- a/data/cisagov_M.yml +++ b/data/cisagov_M.yml @@ -1649,6 +1649,35 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' + - vendor: MicroFocus + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://portal.microfocus.com/s/customportalsearch?language=en_US&searchtext=CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:54+00:00' - vendor: Microsoft product: Azure Application Gateway cves: @@ -1914,45 +1943,6 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Micro Focus - product: Data Protector - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '10.20' - - '10.30' - - '10.40' - - '10.50' - - '10.60' - - '10.70' - - '10.80' - - '10.90' - - '10.91' - - '11.00' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://portal.microfocus.com/s/article/KM000003052 - notes: '' - references: - - '' - last_updated: '2021-12-13T00:00:00' - vendor: Midori Global product: '' cves: @@ -1980,7 +1970,7 @@ software: - https://www.midori-global.com/blog/2021/12/15/cve-2021-44228-log4shell-midori-apps-are-not-affected notes: '' references: - - https://portal.microfocus.com/s/article/KM000003050 + - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: Mikrotik product: '' From 5c18ed9f3f86b17b56d332b3e26f5c0e0e02632b Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 19 Jan 2022 13:45:14 -0500 Subject: [PATCH 026/268] Update cisagov_M.yml Remove old micro focus entry --- data/cisagov_M.yml | 29 ----------------------------- 1 file changed, 29 deletions(-) diff --git a/data/cisagov_M.yml b/data/cisagov_M.yml index 9c2423a..da80257 100644 --- a/data/cisagov_M.yml +++ b/data/cisagov_M.yml @@ -1649,35 +1649,6 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: MicroFocus - product: '' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://portal.microfocus.com/s/customportalsearch?language=en_US&searchtext=CVE-2021-44228 - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:54+00:00' - vendor: Microsoft product: Azure Application Gateway cves: From 79a407d05727f5b0efe410438bfa50441f863090 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 19 Jan 2022 13:50:00 -0500 Subject: [PATCH 027/268] Update cisagov_M.yml Add Micro Focus Data Protector product --- data/cisagov_M.yml | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/data/cisagov_M.yml b/data/cisagov_M.yml index da80257..d390a43 100644 --- a/data/cisagov_M.yml +++ b/data/cisagov_M.yml @@ -1914,6 +1914,45 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' + - vendor: Micro Focus + product: Data Protector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '10.20' + - '10.30' + - '10.40' + - '10.50' + - '10.60' + - '10.70' + - '10.80' + - '10.90' + - '10.91' + - '11.00' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://portal.microfocus.com/s/article/KM000003052 + notes: '' + references: + - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' + last_updated: '2021-12-13T00:00:00' - vendor: Midori Global product: '' cves: From 720a8986d20b0150d6c7f692b8da8fc16f1d36f9 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 19 Jan 2022 14:08:27 -0500 Subject: [PATCH 028/268] Update cisagov_M.yml Add quotes for version numbers, etc. --- data/cisagov_M.yml | 62 +++++++++++++++++++--------------------------- 1 file changed, 25 insertions(+), 37 deletions(-) diff --git a/data/cisagov_M.yml b/data/cisagov_M.yml index d390a43..987e2bb 100644 --- a/data/cisagov_M.yml +++ b/data/cisagov_M.yml @@ -73,7 +73,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 11305 and below + - '11305 and below' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -105,7 +105,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Build 6.1 build 6114 + - 'Build 6.1 build 6114' cve-2021-45046: investigated: false affected_versions: [] @@ -160,8 +160,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -190,8 +189,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -220,8 +218,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -250,8 +247,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -280,8 +276,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -310,8 +305,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -340,8 +334,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -370,8 +363,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -400,8 +392,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -430,8 +421,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -460,8 +450,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -490,8 +479,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -610,7 +598,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 1.59.10+ + - '1.59.10+' unaffected_versions: [] cve-2021-45046: investigated: false @@ -950,7 +938,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 5.10 CU11 + - '5.10 CU11' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1344,7 +1332,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 11.5.3 + - '11.5.3' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1718,7 +1706,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 2.3.10 + - '< 2.3.10' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1748,7 +1736,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 2.3.10 + - '< 2.3.10' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1778,7 +1766,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 2019.0 - 2020.1 + - '2019.0 - 2020.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1866,7 +1854,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 2018.2+ + - '2018.2+' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2608,8 +2596,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - 3.x - - 4.x + - '3.x' + - '4.x' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2640,7 +2628,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 6.x + - '6.x' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2701,7 +2689,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 7.x + - '7.x' fixed_versions: [] unaffected_versions: [] cve-2021-45046: From f7530501cd505a9a4498f05ae033ee6fbb05d34e Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Wed, 19 Jan 2022 19:14:16 +0000 Subject: [PATCH 029/268] Update the software list --- SOFTWARE-LIST.md | 26 ++++++++++----------- data/cisagov.yml | 60 +++++++++++++++++++++++------------------------- 2 files changed, 42 insertions(+), 44 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 2c26ea4..b496a05 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2019,18 +2019,18 @@ NOTE: This file is automatically generated. To submit updates, please refer to | MailStore | | | | Unknown | [link](https://www.mailstore.com/en/blog/mailstore-affected-by-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Maltego | | | | Unknown | [link](https://www.maltego.com/blog/our-response-to-log4j-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ManageEngine Zoho | | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ManageEngine Zoho | ADAudit Plus | On-Prem | | Affected | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| ManageEngine Zoho | ADManager Plus | On-Prem | | Affected | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| ManageEngine Zoho | Analytics Plus | On-Prem | | Affected | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| ManageEngine Zoho | Cloud Security Plus | On-Prem | | Affected | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| ManageEngine Zoho | DataSecurity Plus | On-Prem | | Affected | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| ManageEngine Zoho | EventLog Analyzer | On-Prem | | Affected | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| ManageEngine Zoho | Exchange Reporter Plus | On-Prem | | Affected | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| ManageEngine Zoho | Log360 | On-Prem | | Affected | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| ManageEngine Zoho | Log360 UEBA | On-Prem | | Affected | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| ManageEngine Zoho | M365 Manager Plus | On-Prem | | Affected | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| ManageEngine Zoho | M365 Security Plus | On-Prem | | Affected | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| ManageEngine Zoho | RecoveryManager Plus | On-Prem | | Affected | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| ManageEngine Zoho | ADAudit Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| ManageEngine Zoho | ADManager Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| ManageEngine Zoho | Analytics Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| ManageEngine Zoho | Cloud Security Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| ManageEngine Zoho | DataSecurity Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| ManageEngine Zoho | EventLog Analyzer | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| ManageEngine Zoho | Exchange Reporter Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| ManageEngine Zoho | Log360 | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| ManageEngine Zoho | Log360 UEBA | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| ManageEngine Zoho | M365 Manager Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| ManageEngine Zoho | M365 Security Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| ManageEngine Zoho | RecoveryManager Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | ManageEngine | AD SelfService Plus | | | Not Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-27 | | ManageEngine | Servicedesk Plus | 11305 and below | | Affected | [link](https://www.manageengine.com/products/service-desk/security-response-plan.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | MariaDB | | | | Unknown | [link](https://mariadb.com/resources/blog/log4shell-and-mariadb-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -2073,7 +2073,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | MEINBERG | LANTIME and microSync | | | Unknown | [link](https://www.meinbergglobal.com/english/news/meinberg-lantime-and-microsync-systems-not-at-risk-from-log4j-security-exploit.htm) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | | Meltano | Meltano | | | Unknown | [link](https://github.com/meltano/meltano) | Project is written in Python | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Memurai | | | | Unknown | [link](https://www.memurai.com/blog/apache-log4j2-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| MicroFocus | | | | Unknown | [link](https://portal.microfocus.com/s/customportalsearch?language=en_US&searchtext=CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Micro Focus | Data Protector | | 10.20, 10.30, 10.40, 10.50, 10.60, 10.70, 10.80, 10.90, 10.91, 11.00 | Fixed | [link](https://portal.microfocus.com/s/article/KM000003052) | | [https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | | Microsoft | Azure API Gateway | | | Unknown | [link](https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Microsoft | Azure Application Gateway | | | Unknown | [link](https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Microsoft | Azure Data lake store java | < 2.3.10 | | Affected | [link](https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 07e73cb..42f2d44 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -59072,8 +59072,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -59102,8 +59101,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -59132,8 +59130,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -59162,8 +59159,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -59192,8 +59188,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -59222,8 +59217,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -59252,8 +59246,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -59282,8 +59275,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -59312,8 +59304,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -59342,8 +59333,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -59372,8 +59362,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -59402,8 +59391,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - On-Prem + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -60620,8 +60608,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: MicroFocus - product: '' + - vendor: Micro Focus + product: Data Protector cves: cve-2021-4104: investigated: false @@ -60629,9 +60617,19 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '10.20' + - '10.30' + - '10.40' + - '10.50' + - '10.60' + - '10.70' + - '10.80' + - '10.90' + - '10.91' + - '11.00' unaffected_versions: [] cve-2021-45046: investigated: false @@ -60644,11 +60642,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.microfocus.com/s/customportalsearch?language=en_US&searchtext=CVE-2021-44228 + - https://portal.microfocus.com/s/article/KM000003052 notes: '' references: - - '' - last_updated: '2022-01-12T07:18:54+00:00' + - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' + last_updated: '2021-12-13T00:00:00' - vendor: Microsoft product: Azure API Gateway cves: From b3596c2f121007d590c84cb0226a4edf484d24f9 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 19 Jan 2022 14:34:31 -0500 Subject: [PATCH 030/268] Update cisagov_H.yml Update version numbers with quotes --- data/cisagov_H.yml | 76 +++++++++++++++++++++++----------------------- 1 file changed, 38 insertions(+), 38 deletions(-) diff --git a/data/cisagov_H.yml b/data/cisagov_H.yml index ec3baf7..ef287f9 100644 --- a/data/cisagov_H.yml +++ b/data/cisagov_H.yml @@ -423,7 +423,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -453,7 +453,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -483,7 +483,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -512,7 +512,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - < 10.0.7 + - '< 10.0.7' unaffected_versions: [] cve-2021-45046: investigated: false @@ -543,7 +543,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -573,7 +573,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -603,7 +603,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -661,9 +661,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - 1.21.7 - 1.22.9 - - 2.0.3 - 2.1.5 - - 2.2.0 - 3.0.2 + - '1.21.7-1.22.9' + - '2.0.3-2.1.5' + - '2.2.0-3.0.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -751,7 +751,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Elasticsearch 5.0.0+ + - 'Elasticsearch 5.0.0+' unaffected_versions: [] cve-2021-45046: investigated: false @@ -813,7 +813,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - v6 + - 'v6' unaffected_versions: [] cve-2021-45046: investigated: false @@ -904,10 +904,10 @@ software: investigated: true affected_versions: [] fixed_versions: - - R15A - - R14B - - R14A - - R11B SP1 + - 'R15A' + - 'R14B' + - 'R14A' + - 'R11B SP1' unaffected_versions: [] cve-2021-45046: investigated: false @@ -940,7 +940,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - R11A and R10 series + - 'R11A and R10 series' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1030,9 +1030,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - v1.7.x - - v1.8.x - - v1.9.x + - 'v1.7.x' + - 'v1.8.x' + - 'v1.9.x' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1091,9 +1091,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - 9.0 - 9.10.44 - - 9.1.1 - - 10.3.4 + - '9.0-9.10.44' + - '9.1.1' + - '10.3.4' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1123,7 +1123,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 9.1.0.32 - 9.1.0.44 + - '9.1.0.32-9.1.0.44' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1155,7 +1155,7 @@ software: fixed_versions: - '12.1' - '12.2' - - 19c + - '19c' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1187,8 +1187,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - 3.7.15 - - 3.7.16 + - '3.7.15' + - '3.7.16' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1218,7 +1218,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 2.0.0 + - '2.0.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1249,10 +1249,10 @@ software: investigated: true affected_versions: [] fixed_versions: - - R15A - - R14B - - R14A - - R11B SP1 + - 'R15A' + - 'R14B' + - 'R14A' + - 'R11B SP1' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1285,7 +1285,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - R11A and R10 series + - 'R11A and R10 series' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1519,7 +1519,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - < v113 + - '< v113' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1549,7 +1549,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - < 1.0.6 + - '< 1.0.6' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1579,7 +1579,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - < 21.10.3 + - '< 21.10.3' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1609,8 +1609,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - < 21.03.6 - - < 20.07.4 + - '< 21.03.6' + - '< 20.07.4' unaffected_versions: [] cve-2021-45046: investigated: false From 80790cc522c41903fb45a907587a87209440e68b Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 19 Jan 2022 14:39:45 -0500 Subject: [PATCH 031/268] Update cisagov_H.yml Add HPE/Micro Focus Data Protector --- data/cisagov_H.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/data/cisagov_H.yml b/data/cisagov_H.yml index ef287f9..6456aa3 100644 --- a/data/cisagov_H.yml +++ b/data/cisagov_H.yml @@ -5400,6 +5400,36 @@ software: references: - '' last_updated: '2021-12-12T00:00:00' + - vendor: HPE/Micro Focus + product: Data Protector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '9.09' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://portal.microfocus.com/s/article/KM000003243 + notes: '' + references: + - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' + last_updated: '2021-12-17T00:00:00' - vendor: HOLOGIC product: Advanced Workflow Manager (AWM) cves: From 6df9cd0e657bbfe3f7897b2d28502b8ef7c30430 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Wed, 19 Jan 2022 19:45:29 +0000 Subject: [PATCH 032/268] Update the software list --- SOFTWARE-LIST.md | 7 ++++--- data/cisagov.yml | 40 +++++++++++++++++++++++++++++++++++----- 2 files changed, 39 insertions(+), 8 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index b496a05..0c198bc 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -1351,7 +1351,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | HCL Software | BigFix Mobile | | | Not Affected | [link](https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486) | Not Affected for related CVE-2021-45046 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | HCL Software | BigFix Patch | | | Not Affected | [link](https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0095486) | Not Affected for related CVE-2021-45046 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | HelpSystems Clearswift | | | | Unknown | [link](https://community.helpsystems.com/kb-nav/kb-article/?id=37becc1c-255c-ec11-8f8f-6045bd006687) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| HENIX | Squash TM | | 1.21.7 - 1.22.9, 2.0.3 - 2.1.5, 2.2.0 - 3.0.2 | Fixed | [link](https://tm-en.doc.squashtest.com/v3/downloads.html#download-previous-versions) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | +| HENIX | Squash TM | | 1.21.7-1.22.9, 2.0.3-2.1.5, 2.2.0-3.0.2 | Fixed | [link](https://tm-en.doc.squashtest.com/v3/downloads.html#download-previous-versions) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | | Hexagon | | | | Unknown | [link](https://supportsi.hexagon.com/help/s/article/Security-Vulnerability-CVE-2021-44228-log4j-2?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Hikvision | | | | Unknown | [link](https://video.xortec.de/media/pdf/87/e8/03/kw50_Update-for-Apache-Log4j2-Issue-Hikvision_official.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Hitachi Energy | 3rd party - Elastic Search, Kibana | | Elasticsearch 5.0.0+ | Fixed | [link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | Set the JVM option -Dlog4j2.formatMsgNoLookups=true and restart each node of the cluster. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | @@ -1366,8 +1366,8 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Hitachi Energy | Lumada APM SaaS offering | | | Unknown | [link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | No action is required by customers. The SaaS offering has been patched per the recommendations. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | | Hitachi Energy | Lumada EAM / FSM | | v1.7.x, v1.8.x, v1.9.x | Fixed | [link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | See Section Mitigation Strategy in vendor advisory. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | | Hitachi Energy | MMS Internal facing subcomponent. | | | Unknown | [link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | -| Hitachi Energy | Network Manager ADMS Network Model Server | | 9.1.0.32 - 9.1.0.44 | Fixed | [link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | See vendor advisory for instructions on mitigation steps. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | -| Hitachi Energy | Network Manager Outage Management Interface (CMI) | | 9.0 - 9.10.44, 9.1.1, 10.3.4 | Fixed | [link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | See vendor advisory for instructions on mitigation steps. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | +| Hitachi Energy | Network Manager ADMS Network Model Server | | 9.1.0.32-9.1.0.44 | Fixed | [link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | See vendor advisory for instructions on mitigation steps. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | +| Hitachi Energy | Network Manager Outage Management Interface (CMI) | | 9.0-9.10.44, 9.1.1, 10.3.4 | Fixed | [link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | See vendor advisory for instructions on mitigation steps. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | | Hitachi Energy | nMarket Global I-SEM | | 3.7.15, 3.7.16 | Fixed | [link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | | Hitachi Energy | RelCare | | 2.0.0 | Fixed | [link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | No action is required by customers. The RelCare SaaS hosted solution and the on-premises have been patched per the recommendations. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | | Hitachi Energy | UNEM | | R15A, R14B, R14A, R11B SP1 | Fixed | [link](https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch) | A patch is available for releases R15A, R14B, R14A and R11B SP1. For details on how to apply such patch, please refer to the technical bulletin “UNEM - Installation of Log4j Patch”, version A (1KHW029176) available in the Hitachi Energy Customer Connect Portal. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | @@ -1396,6 +1396,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | HOLOGIC | Unifi Workspace | | | Unknown | [link](https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity) | While the Hologic software itself does not utilize Java/Log4J, the installed APC PowerChute UPS with Business Edition v9.5 software installed may. APC is still assessing its PowerChute software to determine if it is vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | HOLOGIC | Windows Selenia Mammography System | | | Unknown | [link](https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | Honeywell | | | | Unknown | [link](https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| HPE/Micro Focus | Data Protector | | 9.09 | Fixed | [link](https://portal.microfocus.com/s/article/KM000003243) | | [https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | HPE | 3PAR StoreServ Arrays | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | AirWave Management Platform | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | Alletra 6000 | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 42f2d44..7633387 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -39478,9 +39478,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - 1.21.7 - 1.22.9 - - 2.0.3 - 2.1.5 - - 2.2.0 - 3.0.2 + - 1.21.7-1.22.9 + - 2.0.3-2.1.5 + - 2.2.0-3.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -39942,7 +39942,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 9.1.0.32 - 9.1.0.44 + - 9.1.0.32-9.1.0.44 unaffected_versions: [] cve-2021-45046: investigated: false @@ -39972,7 +39972,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 9.0 - 9.10.44 + - 9.0-9.10.44 - 9.1.1 - 10.3.4 unaffected_versions: [] @@ -40824,6 +40824,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:53+00:00' + - vendor: HPE/Micro Focus + product: Data Protector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '9.09' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://portal.microfocus.com/s/article/KM000003243 + notes: '' + references: + - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' + last_updated: '2021-12-17T00:00:00' - vendor: HPE product: 3PAR StoreServ Arrays cves: From 5259523cde6123c2213bcde601fd33a05cae4797 Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Fri, 21 Jan 2022 09:37:30 -0700 Subject: [PATCH 033/268] Update cisagov_W.yml Updated Wind River product information. --- data/cisagov_W.yml | 257 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 246 insertions(+), 11 deletions(-) diff --git a/data/cisagov_W.yml b/data/cisagov_W.yml index f8b1dae..158e9ee 100644 --- a/data/cisagov_W.yml +++ b/data/cisagov_W.yml @@ -210,35 +210,270 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: WindRiver - product: '' + - vendor: Wind River + product: WRL-6 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-7 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-8 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-9 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' vendor_links: - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS17 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: '' + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS18 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: '' + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS19 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: '' + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS21 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: '' + references: + - '' + last_updated: '2022-01-21T00:00:00' - vendor: WireShark product: '' cves: From f48ac38c9b7be6ab1ae908a6d1aebe61e09ff7de Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Mon, 24 Jan 2022 14:10:28 -0500 Subject: [PATCH 034/268] Update cisagov/log4j-md-yml from v1.1.0 to v1.1.1 --- config/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/requirements.txt b/config/requirements.txt index e5b41a2..76c9f9b 100644 --- a/config/requirements.txt +++ b/config/requirements.txt @@ -1 +1 @@ -https://github.com/cisagov/log4j-md-yml/archive/v1.1.0.tar.gz +https://github.com/cisagov/log4j-md-yml/archive/v1.1.1.tar.gz From 7f11fc634bdda9eb70a9cf8ee78bff07a577330e Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Mon, 24 Jan 2022 15:05:11 -0500 Subject: [PATCH 035/268] Normalize individual cisagov_*.yml files Add functionality to the update_software_list workflow to normalize the component files for every push. This will ensure that they are kept in a manner consistent with how the primary cisagov.yml file stores data. --- .github/workflows/update_software_list.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/update_software_list.yml b/.github/workflows/update_software_list.yml index 6350ccc..77b125e 100644 --- a/.github/workflows/update_software_list.yml +++ b/.github/workflows/update_software_list.yml @@ -68,6 +68,12 @@ jobs: run: pip install --upgrade --requirement config/requirements.txt - name: Create the branch for test validation run: git switch --create ${{ needs.setup.outputs.testing_branch }} + - name: Normalize individual cisagov_*.yml files + run: | + for file in data/cisagov_*yml; do \ + normalize-yml --cisagov-format "$file" > "$file".tmp; \ + mv --force "$file".tmp "$file"; \ + done - name: Update the comprehensive cisagov YAML file run: normalize-yml --cisagov-format data/cisagov_*.yml > data/cisagov.yml - name: Generate a normalized YAML file from all source YAML files @@ -84,7 +90,7 @@ jobs: commit_user_name: ${{ needs.setup.outputs.git_user }} commit_user_email: ${{ needs.setup.outputs.git_email }} commit_author: ${{ needs.setup.outputs.git_author }} - file_pattern: SOFTWARE-LIST.md data/cisagov.yml + file_pattern: SOFTWARE-LIST.md data/cisagov*.yml merge_list_update: runs-on: ubuntu-latest needs: From 605e96457746aafc6698e7e6b76d70c54cf7271d Mon Sep 17 00:00:00 2001 From: Paul Schrauder Date: Mon, 24 Jan 2022 15:06:48 -0600 Subject: [PATCH 036/268] Updated Salesforce statuses --- data/cisagov_S.yml | 69 ++++++++++++++++------------------------------ 1 file changed, 24 insertions(+), 45 deletions(-) diff --git a/data/cisagov_S.yml b/data/cisagov_S.yml index 3ef818e..936e184 100644 --- a/data/cisagov_S.yml +++ b/data/cisagov_S.yml @@ -146,9 +146,7 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Analytics Cloud is reported to be affected by CVE-2021-44228. Services - have been updated to mitigate the issues identified in CVE-2021-44228 and we - are executing our final validation steps."' + notes: 'Analytics Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' references: - '' last_updated: '2021-12-15T00:00:00' @@ -177,8 +175,7 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"B2C Commerce Cloud is reported to be affected by CVE-2021-44228. The - service is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: 'B2C Commerce Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' references: - '' last_updated: '2021-12-15T00:00:00' @@ -207,8 +204,7 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"ClickSoftware (As-a-Service) is reported to be affected by CVE-2021-44228. - The service is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: 'ClickSoftware (As-a-Service) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' references: - '' last_updated: '2021-12-15T00:00:00' @@ -237,12 +233,12 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Please contact Customer Support."' + notes: 'ClickSoftware (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Additional details are available here.' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Salesforce - product: Community Cloud + product: Experience (Community) Cloud cves: cve-2021-4104: investigated: false @@ -266,8 +262,7 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Community Cloud is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: '"Experience Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' references: - '' last_updated: '2021-12-15T00:00:00' @@ -296,9 +291,7 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Data.com is reported to be affected by CVE-2021-44228. The service has - a mitigation in place and is being updated to remediate the vulnerability identified in - CVE-2021-44228."' + notes: 'Data.com was affected by CVE-2021-44228 and CVE-2021-45046.  Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' references: - '' last_updated: '2021-12-15T00:00:00' @@ -357,9 +350,7 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Datorama is reported to be affected by CVE-2021-44228. The service has - a mitigation in place and is being updated to remediate the vulnerability identified in - CVE-2021-44228."' + notes: 'Datorama was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' references: - '' last_updated: '2021-12-15T00:00:00' @@ -388,9 +379,7 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Evergage (Interaction Studio) is reported to be affected by CVE-2021-44228. - Services have been updated to mitigate the issues identified in CVE-2021-44228 - and we are executing our final validation steps."' + notes: 'Evergage (Interaction Studio) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' references: - '' last_updated: '2021-12-15T00:00:00' @@ -419,8 +408,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Force.com is reported to be affected by CVE-2021-44228. The service is - being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: 'Force.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + +The Data Loader tool has been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Make sure that you are using Data Loader version 53.0.2 or later. Follow the steps described here to download the latest version of Data Loader.' references: - '' last_updated: '2021-12-15T00:00:00' @@ -449,8 +439,7 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Heroku is reported to not be affected by CVE-2021-44228; no further action - is necessary at this time."' + notes: 'Heroku is reported to not be affected by the issues currently identified in CVE-2021-44228 or CVE-2021-45046.' references: - '' last_updated: '2021-12-15T00:00:00' @@ -479,8 +468,7 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Marketing Cloud is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: 'Salesforce-owned services within Marketing Cloud are not affected by the issues currently identified in CVE-2021-44228 or CVE-2021-45046. Third-party vendors have been patched to address the security issues currently identified in CVE-2021-44228 or CVE-2021-45046.' references: - '' last_updated: '2021-12-15T00:00:00' @@ -509,8 +497,7 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"MuleSoft (Cloud) is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: 'MuleSoft (Cloud) was affected by CVE-2021-44228 and CVE-2021-45046. Mulesoft services, including dataloader.io, have been updated to mitigate the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional details here.' references: - '' last_updated: '2021-12-15T00:00:00' @@ -539,7 +526,7 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Please contact Customer Support."' + notes: 'MuleSoft (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors, including Private Cloud Edition (PCE) and Anypoint Studio, have a mitigation in place to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional details here.' references: - '' last_updated: '2021-12-15T00:00:00' @@ -568,8 +555,7 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Pardot is reported to be affected by CVE-2021-44228. The service is being - updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: 'Pardot was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' references: - '' last_updated: '2021-12-15T00:00:00' @@ -598,8 +584,7 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Sales Cloud is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: 'Sales Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' references: - '' last_updated: '2021-12-15T00:00:00' @@ -628,8 +613,7 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Service Cloud is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: 'Service Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' references: - '' last_updated: '2021-12-15T00:00:00' @@ -658,9 +642,7 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Slack is reported to be affected by CVE-2021-44228. The service has a - mitigation in place and is being updated to remediate the vulnerability identified in - CVE-2021-44228."' + notes: 'Slack was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in both CVE-2021-44228 and CVE-2021-45046. Additional details are available here.' references: - '' last_updated: '2021-12-15T00:00:00' @@ -689,9 +671,7 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Social Studio is reported to be affected by CVE-2021-44228. The service - has a mitigation in place and is being updated to remediate the vulnerability - identified in CVE-2021-44228."' + notes: 'Social Studio was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' references: - '' last_updated: '2021-12-15T00:00:00' @@ -721,7 +701,7 @@ software: unaffected_versions: [] vendor_links: - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell - notes: Fixed in 2021.4.1 + notes: Tableau (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Patches to address the issues currently identified in both CVE-2021-44228 and CVE-2021-45046 are available for download. Additional details are available here. references: - '' last_updated: '2021-12-16T00:00:00' @@ -750,8 +730,7 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Tableau (Online) is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: 'Tableau Online was affected by CVE-2021-44228 and CVE-2021-45046. Services have been patched to mitigate the issues currently identified in both CVE-2021-44228 and CVE-2021-45046.' references: - '' last_updated: '2021-12-15T00:00:00' @@ -9085,4 +9064,4 @@ software: references: - '' last_updated: '2022-01-12T07:18:56+00:00' -... +... \ No newline at end of file From 1ac6221a21d12ad67274159e5ceb394b156a7e48 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Mon, 24 Jan 2022 22:27:28 +0000 Subject: [PATCH 037/268] Update the software list --- SOFTWARE-LIST.md | 30 +- data/cisagov.yml | 688 +++++++++++------------ data/cisagov_A.yml | 498 ++++++++--------- data/cisagov_B.yml | 116 ++-- data/cisagov_C.yml | 316 +++++------ data/cisagov_D.yml | 1298 ++++++++++++++++++++++---------------------- data/cisagov_E.yml | 250 ++++----- data/cisagov_F.yml | 48 +- data/cisagov_G.yml | 141 ++--- data/cisagov_H.yml | 942 ++++++++++++++++---------------- data/cisagov_I.yml | 422 +++++++------- data/cisagov_J.yml | 204 +++---- data/cisagov_L.yml | 12 +- data/cisagov_M.yml | 214 ++++---- data/cisagov_N.yml | 32 +- data/cisagov_O.yml | 52 +- data/cisagov_Q.yml | 24 +- data/cisagov_S.yml | 628 ++++++++++----------- data/cisagov_T.yml | 303 +++++------ data/cisagov_U.yml | 38 +- data/cisagov_V.yml | 384 ++++++------- data/cisagov_W.yml | 12 +- data/cisagov_X.yml | 36 +- 23 files changed, 3349 insertions(+), 3339 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 0c198bc..6a90bbf 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -231,10 +231,10 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Beijer Electronics | WARP Engineering Studio | | | Unknown | [link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Bender | | | | Unknown | [link](https://www.bender.de/en/cert) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Best Practical Request Tracker (RT) and Request Tracker for Incident Response (RTIR) | | | | Unknown | [link](https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BeyondTrust Bomgar | | | | Unknown | [link](https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | BeyondTrust | Privilege Management Cloud | | Unknown | Fixed | [link](https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | BeyondTrust | Privilege Management Reporting in BeyondInsight | | 21.2 | Fixed | [link](https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | BeyondTrust | Secure Remote Access appliances | | | Not Affected | [link](https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| BeyondTrust Bomgar | | | | Unknown | [link](https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | BioMerieux | | | | Unknown | [link](https://www.biomerieux.com/en/cybersecurity-data-privacy) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | BisectHosting | | | | Unknown | [link](https://www.bisecthosting.com/clients/index.php?rp=/knowledgebase/205/Java-Log4j-Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | BitDefender | | | | Unknown | [link](https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -949,8 +949,8 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Elastic | Kibana | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Elastic | Logstash | <6.8.21, <7.16.1 | | Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Elastic | Machine Learning | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| ElasticSearch | all products | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Elastic | Swiftype | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| ElasticSearch | all products | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Ellucian | Admin | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | Ellucian | Banner Analytics | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | Ellucian | Banner Document Management (includes Banner Document Retention) | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | @@ -1180,6 +1180,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | GoAnywhere | MFT | < 6.8.6 | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | | GoAnywhere | MFT Agents | < 1.6.5 | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | | GoCD | | | | Unknown | [link](https://www.gocd.org/2021/12/14/log4j-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Google | Chrome | | | Not Affected | [link](https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html) | Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-14 | | Google Cloud | Access Transparency | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Google Cloud | Actifio | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Actifio has identified limited exposure to the Log4j 2 vulnerability and has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) for the full statement and to obtain the hotfix (available to Actifio customers only). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Google Cloud | AI Platform Data Labeling | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | @@ -1309,14 +1310,12 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Google Cloud | Virtual Private Cloud | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | Google Cloud | Web Security Scanner | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Google Cloud | Workflows | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google | Chrome | | | Not Affected | [link](https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html) | Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-14 | | Gradle | Gradle | | | Unknown | [link](https://blog.gradle.org/log4j-vulnerability) | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gradle | Gradle Enterprise | < 2021.3.6 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gradle | Gradle Enterprise Build Cache Node | < 10.1 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gradle | Gradle Enterprise Test Distribution Agent | < 1.6.2 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Grafana | | | | Unknown | [link](https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Grandstream | | | | Unknown | [link](https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gravitee.io | | | | Unknown | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Access Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Access Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Alert Engine | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -1324,6 +1323,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Gravitee | API Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | API Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Cockpit | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gravitee.io | | | | Unknown | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravwell | | | | Unknown | [link](https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Graylog | Graylog Server | All versions >= 1.2.0 and <= 4.2.2 | | Affected | [link](https://www.graylog.org/post/graylog-update-for-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | GreenShot | | | | Unknown | [link](https://greenshot.atlassian.net/browse/BUG-2871) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -1396,7 +1396,11 @@ NOTE: This file is automatically generated. To submit updates, please refer to | HOLOGIC | Unifi Workspace | | | Unknown | [link](https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity) | While the Hologic software itself does not utilize Java/Log4J, the installed APC PowerChute UPS with Business Edition v9.5 software installed may. APC is still assessing its PowerChute software to determine if it is vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | HOLOGIC | Windows Selenia Mammography System | | | Unknown | [link](https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | Honeywell | | | | Unknown | [link](https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| HPE/Micro Focus | Data Protector | | 9.09 | Fixed | [link](https://portal.microfocus.com/s/article/KM000003243) | | [https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| HP | Teradici Cloud Access Controller | | < v113 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| HP | Teradici EMSDK | | < 1.0.6 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| HP | Teradici Management Console | | < 21.10.3 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| HP | Teradici PCoIP Connection Manager | | < 21.03.6, < 20.07.4 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| HP | Teradici PCoIP License Server | | | Unknown | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | HPE | 3PAR StoreServ Arrays | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | AirWave Management Platform | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | Alletra 6000 | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | @@ -1526,11 +1530,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | HPE | Superdome Flex 280 | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | Superdome Flex Server | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | UAN (User Access Node) | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | -| HP | Teradici Cloud Access Controller | | < v113 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| HP | Teradici EMSDK | | < 1.0.6 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| HP | Teradici Management Console | | < 21.10.3 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| HP | Teradici PCoIP Connection Manager | | < 21.03.6, < 20.07.4 | Fixed | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| HP | Teradici PCoIP License Server | | | Unknown | [link](https://support.hp.com/us-en/document/ish_5268006-5268030-16) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| HPE/Micro Focus | Data Protector | | 9.09 | Fixed | [link](https://portal.microfocus.com/s/article/KM000003243) | | [https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | Huawei | | | | Unknown | [link](https://www.huawei.com/en/psirt/security-notices/huawei-sn-20211210-01-log4j2-en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Hubspot | | | | Unknown | [link](https://community.hubspot.com/t5/APIs-Integrations/Log4J-day-zero-exploit-CVE-2021-44228/td-p/541949) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | I-Net software | | | | Unknown | [link](https://faq.inetsoftware.de/t/statement-about-cve-2021-44228-log4j-vulnerability-concerning-i-net-software-products/269/3) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -2019,6 +2019,8 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Lyrasis | Fedora Repository | | | Not Affected | [link](https://groups.google.com/g/fedora-tech/c/dQMQ5jaX8Xo) | Fedora Repository is unaffiliated with Fedora Linux. Uses logback and explicitly excludes log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | MailStore | | | | Unknown | [link](https://www.mailstore.com/en/blog/mailstore-affected-by-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Maltego | | | | Unknown | [link](https://www.maltego.com/blog/our-response-to-log4j-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ManageEngine | AD SelfService Plus | | | Not Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-27 | +| ManageEngine | Servicedesk Plus | 11305 and below | | Affected | [link](https://www.manageengine.com/products/service-desk/security-response-plan.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | ManageEngine Zoho | | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ManageEngine Zoho | ADAudit Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | ManageEngine Zoho | ADManager Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | @@ -2032,8 +2034,6 @@ NOTE: This file is automatically generated. To submit updates, please refer to | ManageEngine Zoho | M365 Manager Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | ManageEngine Zoho | M365 Security Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | ManageEngine Zoho | RecoveryManager Plus | | | Unknown | [link](https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| ManageEngine | AD SelfService Plus | | | Not Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-27 | -| ManageEngine | Servicedesk Plus | 11305 and below | | Affected | [link](https://www.manageengine.com/products/service-desk/security-response-plan.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | MariaDB | | | | Unknown | [link](https://mariadb.com/resources/blog/log4shell-and-mariadb-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | MathWorks | All MathWorks general release desktop or server products | | | Not Affected | [link](https://www.mathworks.com/matlabcentral/answers/1610640-apache-log4j-vulnerability-cve-2021-44228-how-does-it-affect-matlab-run-time) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | | MathWorks | MATLAB | | | Not Affected | [link](https://www.mathworks.com/content/dam/mathworks/policies/mathworks-response-to-cve-2021-44228-log4j-vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | @@ -2319,6 +2319,8 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Shibboleth | All Products | | | Not Affected | [link](https://shibboleth.net/pipermail/announce/2021-December/000253.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-10 | | Shopify | | | | Unknown | [link](https://community.shopify.com/c/technical-q-a/is-shopify-affected-by-the-log4j-vulnerability/td-p/1417625) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Siebel | | | | Unknown | [link](https://www.siebelhub.com/main/2021/12/log4j-vulnerability-cve-2021-44228-and-siebel-crm.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Siemens | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Siemens | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | | Siemens Energy | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Siemens Energy | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | Siemens Energy | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | @@ -2356,8 +2358,6 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Siemens Healthineers | syngo.via WebViewer VA13B / VA20A / VA20B | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: remove the vulnerable class from the .jar file | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Siemens Healthineers | X.Ceed Somaris 10 VA40* | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Siemens Healthineers | X.Cite Somaris 10 VA30*/VA40* | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: In the meantime, we recommend preventing access to port 8090 from other devices by configuration of the hospital network. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Siemens | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Siemens | Affected Products | | | Unknown | [link](https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf) | Siemens requests: See pdf for the complete list of affected products, CSAF for automated parsing of data | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | | Sierra Wireless | | | | Unknown | [link](https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Sierra Wireless | AirVantage and Octave cloud platforms | | | Unknown | [link](https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs) | These systems do not operate with the specific non-standard configuration required for CVE-2021-25046 and hence were not vulnerable to it. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | | Sierra Wireless | AM/AMM servers | | | Unknown | [link](https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | @@ -2458,8 +2458,8 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Splunk | Splunk UBA OVA Software | 5.0.3a, 5.0.0 | | Affected | [link](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-30 | | Splunk | Splunk VMWare OVA for ITSI [App ID 4760](https://splunkbase.splunk.com/app/4760/) | 1.1.1 and older | | Affected | [link](https://www.splunk.com/en_us/blog/bulletins/splunk-security-advisory-for-apache-log4j-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-30 | | Sprecher Automation | | | | Unknown | [link](https://www.sprecher-automation.com/en/it-security/security-alerts) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Spring Boot | | | | Unknown | [link](https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Spring | Spring Boot | | | Unknown | [link](https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot) | Spring Boot users are only affected by this vulnerability if they have switched the default logging system to Log4J2 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Spring Boot | | | | Unknown | [link](https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | StarDog | | | | Unknown | [link](https://community.stardog.com/t/stardog-7-8-1-available/3411) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | STERIS | Advantage | | | Unknown | [link](https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | STERIS | Advantage Plus | | | Unknown | [link](https://h-isac.org/wp-content/uploads/2021/12/Steris_Revised-Security-Advisory-For-Apaches-Log4j-12.16.21.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 7633387..972d02e 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -6307,8 +6307,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BeyondTrust Bomgar - product: '' + - vendor: BeyondTrust + product: Privilege Management Cloud cves: cve-2021-4104: investigated: false @@ -6316,9 +6316,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Unknown unaffected_versions: [] cve-2021-45046: investigated: false @@ -6331,13 +6332,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542 + - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-17T00:00:00' - vendor: BeyondTrust - product: Privilege Management Cloud + product: Privilege Management Reporting in BeyondInsight cves: cve-2021-4104: investigated: false @@ -6348,7 +6349,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '21.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -6367,7 +6368,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: BeyondTrust - product: Privilege Management Reporting in BeyondInsight + product: Secure Remote Access appliances cves: cve-2021-4104: investigated: false @@ -6377,9 +6378,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '21.2' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - Unknown cve-2021-45046: investigated: false affected_versions: [] @@ -6396,8 +6397,8 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: BeyondTrust - product: Secure Remote Access appliances + - vendor: BeyondTrust Bomgar + product: '' cves: cve-2021-4104: investigated: false @@ -6405,11 +6406,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -6421,11 +6421,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell + - https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: BioMerieux product: '' cves: @@ -27524,8 +27524,8 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: ElasticSearch - product: all products + - vendor: Elastic + product: Swiftype cves: cve-2021-4104: investigated: false @@ -27547,13 +27547,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' - - vendor: Elastic - product: Swiftype + last_updated: '2021-12-15T00:00:00' + - vendor: ElasticSearch + product: all products cves: cve-2021-4104: investigated: false @@ -27575,12 +27576,11 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:52+00:00' - vendor: Ellucian product: Admin cves: @@ -34284,6 +34284,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:52+00:00' + - vendor: Google + product: Chrome + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html + notes: Chrome Browser releases, infrastructure and admin console are not using + versions of Log4j affected by the vulnerability. + references: + - '' + last_updated: '2022-01-14' - vendor: Google Cloud product: Access Transparency cves: @@ -38229,36 +38259,6 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Google - product: Chrome - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html - notes: Chrome Browser releases, infrastructure and admin console are not using - versions of Log4j affected by the vulnerability. - references: - - '' - last_updated: '2022-01-14' - vendor: Gradle product: Gradle cves: @@ -38436,8 +38436,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Gravitee.io - product: '' + - vendor: Gravitee + product: Access Management cves: cve-2021-4104: investigated: false @@ -38445,10 +38445,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 3.10.x cve-2021-45046: investigated: false affected_versions: [] @@ -38478,7 +38479,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.10.x + - 3.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -38496,7 +38497,7 @@ software: - '' last_updated: '2022-01-12T07:18:53+00:00' - vendor: Gravitee - product: Access Management + product: Alert Engine cves: cve-2021-4104: investigated: false @@ -38508,7 +38509,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.5.x + - 1.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -38538,7 +38539,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.5.x + - 1.4.x cve-2021-45046: investigated: false affected_versions: [] @@ -38556,7 +38557,7 @@ software: - '' last_updated: '2022-01-12T07:18:53+00:00' - vendor: Gravitee - product: Alert Engine + product: API Management cves: cve-2021-4104: investigated: false @@ -38568,7 +38569,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.4.x + - 3.10.x cve-2021-45046: investigated: false affected_versions: [] @@ -38598,7 +38599,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.10.x + - 3.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -38616,7 +38617,7 @@ software: - '' last_updated: '2022-01-12T07:18:53+00:00' - vendor: Gravitee - product: API Management + product: Cockpit cves: cve-2021-4104: investigated: false @@ -38628,7 +38629,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.5.x + - 1.4.x cve-2021-45046: investigated: false affected_versions: [] @@ -38645,8 +38646,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:53+00:00' - - vendor: Gravitee - product: Cockpit + - vendor: Gravitee.io + product: '' cves: cve-2021-4104: investigated: false @@ -38654,11 +38655,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 1.4.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -40824,8 +40824,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:53+00:00' - - vendor: HPE/Micro Focus - product: Data Protector + - vendor: HP + product: Teradici Cloud Access Controller cves: cve-2021-4104: investigated: false @@ -40836,7 +40836,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '9.09' + - < v113 unaffected_versions: [] cve-2021-45046: investigated: false @@ -40849,13 +40849,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.microfocus.com/s/article/KM000003243 + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 notes: '' references: - - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' + - '' last_updated: '2021-12-17T00:00:00' - - vendor: HPE - product: 3PAR StoreServ Arrays + - vendor: HP + product: Teradici EMSDK cves: cve-2021-4104: investigated: false @@ -40863,9 +40863,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 1.0.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -40878,13 +40879,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: AirWave Management Platform + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici Management Console cves: cve-2021-4104: investigated: false @@ -40892,10 +40893,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 21.10.3 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici PCoIP Connection Manager + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 21.03.6 + - < 20.07.4 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -40907,13 +40940,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Alletra 6000 + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici PCoIP License Server cves: cve-2021-4104: investigated: false @@ -40936,13 +40969,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-17T00:00:00' - vendor: HPE - product: Alletra 9k + product: 3PAR StoreServ Arrays cves: cve-2021-4104: investigated: false @@ -40971,7 +41004,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba Central + product: AirWave Management Platform cves: cve-2021-4104: investigated: false @@ -41000,7 +41033,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba ClearPass Policy Manager + product: Alletra 6000 cves: cve-2021-4104: investigated: false @@ -41029,7 +41062,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba ClearPass Policy Manager + product: Alletra 9k cves: cve-2021-4104: investigated: false @@ -41058,7 +41091,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba Instant (IAP) + product: Aruba Central cves: cve-2021-4104: investigated: false @@ -41087,7 +41120,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba Location Services + product: Aruba ClearPass Policy Manager cves: cve-2021-4104: investigated: false @@ -41116,7 +41149,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba NetEdit + product: Aruba ClearPass Policy Manager cves: cve-2021-4104: investigated: false @@ -41145,7 +41178,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba PVOS Switches + product: Aruba Instant (IAP) cves: cve-2021-4104: investigated: false @@ -41174,7 +41207,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba SDN VAN Controller + product: Aruba Location Services cves: cve-2021-4104: investigated: false @@ -41203,7 +41236,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba User Experience Insight (UXI) + product: Aruba NetEdit cves: cve-2021-4104: investigated: false @@ -41232,7 +41265,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Aruba VIA Client + product: Aruba PVOS Switches cves: cve-2021-4104: investigated: false @@ -41261,7 +41294,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: ArubaOS SD-WAN Controllers and Gateways + product: Aruba SDN VAN Controller cves: cve-2021-4104: investigated: false @@ -41290,7 +41323,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: ArubaOS Wi-Fi Controllers and Gateways + product: Aruba User Experience Insight (UXI) cves: cve-2021-4104: investigated: false @@ -41319,7 +41352,94 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: ArubaOS-CX switches + product: Aruba VIA Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: ArubaOS SD-WAN Controllers and Gateways + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: ArubaOS Wi-Fi Controllers and Gateways + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: ArubaOS-CX switches cves: cve-2021-4104: investigated: false @@ -44597,98 +44717,8 @@ software: references: - '' last_updated: '2021-12-12T00:00:00' - - vendor: HP - product: Teradici Cloud Access Controller - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - < v113 - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 - notes: '' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici EMSDK - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - < 1.0.6 - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 - notes: '' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici Management Console - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - < 21.10.3 - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 - notes: '' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici PCoIP Connection Manager + - vendor: HPE/Micro Focus + product: Data Protector cves: cve-2021-4104: investigated: false @@ -44699,37 +44729,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - < 21.03.6 - - < 20.07.4 - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 - notes: '' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici PCoIP License Server - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] + - '9.09' unaffected_versions: [] cve-2021-45046: investigated: false @@ -44742,10 +44742,10 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://portal.microfocus.com/s/article/KM000003243 notes: '' references: - - '' + - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' last_updated: '2021-12-17T00:00:00' - vendor: Huawei product: '' @@ -59063,8 +59063,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: ManageEngine Zoho - product: '' + - vendor: ManageEngine + product: AD SelfService Plus cves: cve-2021-4104: investigated: false @@ -59072,10 +59072,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Build 6.1 build 6114 cve-2021-45046: investigated: false affected_versions: [] @@ -59086,14 +59087,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' - - vendor: ManageEngine Zoho - product: ADAudit Plus + last_updated: '2021-12-27T00:00:00' + - vendor: ManageEngine + product: Servicedesk Plus cves: cve-2021-4104: investigated: false @@ -59101,8 +59101,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 11305 and below fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -59116,13 +59117,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + - https://www.manageengine.com/products/service-desk/security-response-plan.html notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' + last_updated: '2021-12-15T00:00:00' - vendor: ManageEngine Zoho - product: ADManager Plus + product: '' cves: cve-2021-4104: investigated: false @@ -59145,13 +59146,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 + - https://pitstop.manageengine.com/portal/en/community/topic/log4j-ad-manager-plus notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' + last_updated: '2022-01-12T07:18:54+00:00' - vendor: ManageEngine Zoho - product: Analytics Plus + product: ADAudit Plus cves: cve-2021-4104: investigated: false @@ -59180,7 +59181,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: Cloud Security Plus + product: ADManager Plus cves: cve-2021-4104: investigated: false @@ -59209,7 +59210,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: DataSecurity Plus + product: Analytics Plus cves: cve-2021-4104: investigated: false @@ -59238,7 +59239,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: EventLog Analyzer + product: Cloud Security Plus cves: cve-2021-4104: investigated: false @@ -59267,7 +59268,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: Exchange Reporter Plus + product: DataSecurity Plus cves: cve-2021-4104: investigated: false @@ -59296,7 +59297,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: Log360 + product: EventLog Analyzer cves: cve-2021-4104: investigated: false @@ -59325,7 +59326,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: Log360 UEBA + product: Exchange Reporter Plus cves: cve-2021-4104: investigated: false @@ -59354,7 +59355,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: M365 Manager Plus + product: Log360 cves: cve-2021-4104: investigated: false @@ -59383,7 +59384,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: M365 Security Plus + product: Log360 UEBA cves: cve-2021-4104: investigated: false @@ -59412,7 +59413,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: RecoveryManager Plus + product: M365 Manager Plus cves: cve-2021-4104: investigated: false @@ -59440,8 +59441,8 @@ software: references: - '' last_updated: '2021-12-16T00:00:00' - - vendor: ManageEngine - product: AD SelfService Plus + - vendor: ManageEngine Zoho + product: M365 Security Plus cves: cve-2021-4104: investigated: false @@ -59449,11 +59450,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Build 6.1 build 6114 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -59464,13 +59464,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2021-12-27T00:00:00' - - vendor: ManageEngine - product: Servicedesk Plus + last_updated: '2021-12-16T00:00:00' + - vendor: ManageEngine Zoho + product: RecoveryManager Plus cves: cve-2021-4104: investigated: false @@ -59478,9 +59479,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 11305 and below + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -59494,11 +59494,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.manageengine.com/products/service-desk/security-response-plan.html + - https://pitstop.manageengine.com/portal/en/community/topic/update-on-the-recent-apache-log4j2-vulnerability-impact-on-manageengine-on-premises-products-1 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2021-12-16T00:00:00' - vendor: MariaDB product: '' cves: @@ -67919,6 +67919,66 @@ software: references: - '' last_updated: '2022-01-12T07:18:55+00:00' + - vendor: Siemens + product: Affected Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens + product: Affected Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' + references: + - '' + last_updated: '2021-12-19T00:00:00' - vendor: Siemens Energy product: Affected Products cves: @@ -69037,66 +69097,6 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Siemens - product: Affected Products - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens - product: Affected Products - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' - references: - - '' - last_updated: '2021-12-19T00:00:00' - vendor: Sierra Wireless product: '' cves: @@ -72077,8 +72077,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Spring Boot - product: '' + - vendor: Spring + product: Spring Boot cves: cve-2021-4104: investigated: false @@ -72102,12 +72102,13 @@ software: unaffected_versions: [] vendor_links: - https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot - notes: '' + notes: Spring Boot users are only affected by this vulnerability if they have + switched the default logging system to Log4J2 references: - '' last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Spring - product: Spring Boot + - vendor: Spring Boot + product: '' cves: cve-2021-4104: investigated: false @@ -72131,8 +72132,7 @@ software: unaffected_versions: [] vendor_links: - https://spring.io/blog/2021/12/10/log4j2-vulnerability-and-spring-boot - notes: Spring Boot users are only affected by this vulnerability if they have - switched the default logging system to Log4J2 + notes: '' references: - '' last_updated: '2022-01-12T07:18:55+00:00' diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 03f5dd2..f569214 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -475,8 +475,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFAS Software - product: '' + - vendor: Advanced Systems Concepts (formally Jscape) + product: Active MFT cves: cve-2021-4104: investigated: false @@ -499,13 +499,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.afas.nl/vraagantwoord/NL/SE/120439.htm - notes: '' + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANsuite + last_updated: '2021-12-14T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: MFT cves: cve-2021-4104: investigated: false @@ -513,11 +514,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -529,13 +529,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx - notes: '' + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANServer + last_updated: '2021-12-14T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: MFT Gateway cves: cve-2021-4104: investigated: false @@ -543,11 +544,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -559,13 +559,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx - notes: '' + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANcart + last_updated: '2021-12-14T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: MFT Server cves: cve-2021-4104: investigated: false @@ -573,11 +574,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -589,13 +589,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx - notes: '' + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANweb + last_updated: '2021-12-14T00:00:00' + - vendor: AFAS Software + product: '' cves: cve-2021-4104: investigated: false @@ -603,11 +604,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -619,13 +619,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://help.afas.nl/vraagantwoord/NL/SE/120439.htm notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AFHCAN Global LLC - product: AFHCANmobile + product: AFHCANcart cves: cve-2021-4104: investigated: false @@ -655,7 +655,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AFHCAN Global LLC - product: AFHCANupdate + product: AFHCANmobile cves: cve-2021-4104: investigated: false @@ -684,8 +684,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Agilysys - product: '' + - vendor: AFHCAN Global LLC + product: AFHCANServer cves: cve-2021-4104: investigated: false @@ -693,10 +693,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -708,13 +709,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f + - https://afhcan.org/support.aspx notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: Active MFT + - vendor: AFHCAN Global LLC + product: AFHCANsuite cves: cve-2021-4104: investigated: false @@ -722,10 +723,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -737,14 +739,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://afhcan.org/support.aspx + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: MFT Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANupdate cves: cve-2021-4104: investigated: false @@ -752,10 +753,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -767,14 +769,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://afhcan.org/support.aspx + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: MFT Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANweb cves: cve-2021-4104: investigated: false @@ -782,10 +783,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -797,14 +799,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://afhcan.org/support.aspx + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: MFT + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Agilysys + product: '' cves: cve-2021-4104: investigated: false @@ -827,12 +828,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Akamai product: SIEM Splunk Connector cves: @@ -1192,7 +1192,7 @@ software: - '' last_updated: '2021-12-23T00:00:00' - vendor: Amazon - product: AWS Lambda + product: AWS DynamoDB cves: cve-2021-4104: investigated: false @@ -1201,9 +1201,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Unknown - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1216,13 +1216,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-17T00:00:00' - vendor: Amazon - product: AWS DynamoDB + product: AWS EKS, ECS, Fargate cves: cve-2021-4104: investigated: false @@ -1231,9 +1231,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: + affected_versions: - Unknown + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1247,10 +1247,16 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + notes: To help mitigate the impact of the open-source Apache “Log4j2" utility + (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, + Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). + This hot-patch will require customer opt-in to use, and disables JNDI lookups + from the Log4J2 library in customers’ containers. These updates are available + as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes + users on AWS, and will be in supported AWS Fargate platform versions references: - '' - last_updated: '2021-12-17T00:00:00' + last_updated: '2021-12-16T00:00:00' - vendor: Amazon product: AWS ElastiCache cves: @@ -1282,7 +1288,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Amazon - product: AWS Inspector + product: AWS ELB cves: cve-2021-4104: investigated: false @@ -1310,9 +1316,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' + last_updated: '2021-12-16T00:00:00' - vendor: Amazon - product: AWS RDS + product: AWS Inspector cves: cve-2021-4104: investigated: false @@ -1337,13 +1343,12 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified - in CVE-2021-44228 + notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - vendor: Amazon - product: AWS S3 + product: AWS Kinesis Data Stream cves: cve-2021-4104: investigated: false @@ -1352,9 +1357,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: + affected_versions: - Unknown + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1368,12 +1373,16 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + notes: We are actively patching all sub-systems that use Log4j2 by applying updates. + The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library + (KPL) are not impacted. For customers using KCL 1.x, we have released an updated + version and we strongly recommend that all KCL version 1.x customers upgrade + to KCL version 1.14.5 (or higher) references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Amazon - product: AWS SNS + product: AWS Lambda cves: cve-2021-4104: investigated: false @@ -1382,9 +1391,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: + affected_versions: - Unknown + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1397,15 +1406,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Amazon SNS systems that serve customer traffic are patched against the - Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate - separately from SNS’s systems that serve customer traffic + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS SQS + product: AWS Lambda cves: cve-2021-4104: investigated: false @@ -1414,9 +1421,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: + affected_versions: - Unknown + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1429,13 +1436,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS EKS, ECS, Fargate + product: AWS RDS cves: cve-2021-4104: investigated: false @@ -1444,9 +1451,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Unknown - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1460,18 +1467,13 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: To help mitigate the impact of the open-source Apache “Log4j2" utility - (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, - Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). - This hot-patch will require customer opt-in to use, and disables JNDI lookups - from the Log4J2 library in customers’ containers. These updates are available - as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes - users on AWS, and will be in supported AWS Fargate platform versions + notes: Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified + in CVE-2021-44228 references: - '' - last_updated: '2021-12-16T00:00:00' + last_updated: '2021-12-17T00:00:00' - vendor: Amazon - product: AWS ELB + product: AWS S3 cves: cve-2021-4104: investigated: false @@ -1499,9 +1501,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: Amazon - product: AWS Kinesis Data Stream + product: AWS SNS cves: cve-2021-4104: investigated: false @@ -1510,9 +1512,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Unknown - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1526,16 +1528,14 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: We are actively patching all sub-systems that use Log4j2 by applying updates. - The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library - (KPL) are not impacted. For customers using KCL 1.x, we have released an updated - version and we strongly recommend that all KCL version 1.x customers upgrade - to KCL version 1.14.5 (or higher) + notes: Amazon SNS systems that serve customer traffic are patched against the + Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate + separately from SNS’s systems that serve customer traffic references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Amazon - product: AWS Lambda + product: AWS SQS cves: cve-2021-4104: investigated: false @@ -1544,9 +1544,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Unknown - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1559,11 +1559,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: Amazon product: CloudFront cves: @@ -2045,7 +2045,7 @@ software: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache - product: Camel Quarkus + product: Camel 2 cves: cve-2021-4104: investigated: false @@ -2074,7 +2074,7 @@ software: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache - product: Camel K + product: Camel JBang cves: cve-2021-4104: investigated: false @@ -2082,8 +2082,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <=3.1.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2103,7 +2104,7 @@ software: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache - product: CamelKafka Connector + product: Camel K cves: cve-2021-4104: investigated: false @@ -2162,7 +2163,7 @@ software: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache - product: Camel JBang + product: Camel Quarkus cves: cve-2021-4104: investigated: false @@ -2170,9 +2171,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <=3.1.4 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2192,7 +2192,7 @@ software: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache - product: Camel 2 + product: CamelKafka Connector cves: cve-2021-4104: investigated: false @@ -2480,8 +2480,8 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Apereo - product: CAS + - vendor: APC by Schneider Electric + product: Powerchute Business Edition cves: cve-2021-4104: investigated: false @@ -2490,10 +2490,47 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.3.x & 6.4.x + affected_versions: [] + fixed_versions: + - v9.5 + - v10.0.1 + - v10.0.2 + - v10.0.3 + - v10.0.4 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 + notes: Mitigation instructions to remove the affected class. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: APC by Schneider Electric + product: Powerchute Network Shutdown + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '4.2' + - '4.3' + - '4.4' + - 4.4.1 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2505,13 +2542,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://apereo.github.io/2021/12/11/log4j-vuln/ - notes: '' + - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 + notes: Mitigation instructions to remove the affected class. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: Apereo - product: Opencast + product: CAS cves: cve-2021-4104: investigated: false @@ -2521,8 +2558,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 9.10 - - < 10.6 + - 6.3.x & 6.4.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2536,13 +2572,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8 + - https://apereo.github.io/2021/12/11/log4j-vuln/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Application Performance Ltd - product: DBMarlin + - vendor: Apereo + product: Opencast cves: cve-2021-4104: investigated: false @@ -2550,9 +2586,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: - - Not Affected + - < 9.10 + - < 10.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2565,11 +2602,12 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apigee product: '' cves: @@ -2755,7 +2793,8 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + - Not Affected fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2768,14 +2807,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428 + vendor_links: [] notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: APPSHEET - product: '' + - vendor: Application Performance Ltd + product: DBMarlin cves: cve-2021-4104: investigated: false @@ -2798,13 +2836,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976 + - https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Aptible - product: Aptible + last_updated: '2021-12-15T00:00:00' + - vendor: APPSHEET + product: '' cves: cve-2021-4104: investigated: false @@ -2812,9 +2850,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - ElasticSearch 5.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2828,13 +2865,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 + - https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: APC by Schneider Electric - product: Powerchute Business Edition + - vendor: Aptible + product: Aptible cves: cve-2021-4104: investigated: false @@ -2843,47 +2880,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - v9.5 - - v10.0.1 - - v10.0.2 - - v10.0.3 - - v10.0.4 - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 - notes: Mitigation instructions to remove the affected class. - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: APC by Schneider Electric - product: Powerchute Network Shutdown - cves: - cve-2021-4104: - investigated: false - affected_versions: [] + affected_versions: + - ElasticSearch 5.x fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '4.2' - - '4.3' - - '4.4' - - 4.4.1 - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2895,11 +2895,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 - notes: Mitigation instructions to remove the affected class. + - https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aqua Security product: '' cves: @@ -3718,7 +3718,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -3731,7 +3731,9 @@ software: unaffected_versions: [] vendor_links: - https://www.atvise.com/en/articles/at-log4j-sicherheitsluecke-atvise-produkte-und-terminals-nicht-betroffen - notes: The security vulnerability does NOT affect our applications and products or pose any threat. This applies to all Bachmann applications and products, including atvise solutions. + notes: The security vulnerability does NOT affect our applications and products + or pose any threat. This applies to all Bachmann applications and products, + including atvise solutions. references: - '' last_updated: '2022-01-17T00:00:00' @@ -4081,6 +4083,38 @@ software: references: - '' last_updated: '2021-12-14T00:00:00' + - vendor: Avaya + product: Avaya Aura® Device Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 8.0.1 + - 8.0.2 + - 8.1.3 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' - vendor: Avaya product: Avaya Aura® Media Server cves: @@ -4816,38 +4850,6 @@ software: references: - '' last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Avaya Aura® Device Services - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 8.0.1 - - 8.0.2 - - 8.1.3 - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: '' - references: - - '' - last_updated: '2021-12-14T00:00:00' - vendor: AVEPOINT product: '' cves: diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index 5a00349..96dd688 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -33,7 +33,7 @@ software: references: - '' last_updated: '2021-12-16T00:00:00' - - vendor: Baxter + - vendor: BackBox product: '' cves: cve-2021-4104: @@ -57,12 +57,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.baxter.com/sites/g/files/ebysai746/files/2021-12/Apache_Log4j_Vulnerability.pdf + - https://updates.backbox.com/V6.5/Docs/CVE-2021-44228.pdf notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BackBox + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Balbix product: '' cves: cve-2021-4104: @@ -86,12 +86,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://updates.backbox.com/V6.5/Docs/CVE-2021-44228.pdf + - https://www.balbix.com/blog/broad-exposure-to-log4shell-cve-2021-44228-highlights-how-the-attack-surface-has-exploded/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Balbix + - vendor: Baramundi Products product: '' cves: cve-2021-4104: @@ -115,12 +115,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.balbix.com/blog/broad-exposure-to-log4shell-cve-2021-44228-highlights-how-the-attack-surface-has-exploded/ + - https://forum.baramundi.com/index.php?threads/baramundi-produkte-von-log4shell-schwachstelle-in-log4j-nicht-betroffen.12539/#post-62875 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Baramundi Products + - vendor: Barco product: '' cves: cve-2021-4104: @@ -144,12 +144,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.baramundi.com/index.php?threads/baramundi-produkte-von-log4shell-schwachstelle-in-log4j-nicht-betroffen.12539/#post-62875 + - https://www.barco.com/en/support/knowledge-base/kb12495 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Barco + - vendor: Barracuda product: '' cves: cve-2021-4104: @@ -173,12 +173,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.barco.com/en/support/knowledge-base/kb12495 + - https://www.barracuda.com/company/legal/trust-center notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Barracuda + - vendor: Baxter product: '' cves: cve-2021-4104: @@ -202,13 +202,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.barracuda.com/company/legal/trust-center + - https://www.baxter.com/sites/g/files/ebysai746/files/2021-12/Apache_Log4j_Vulnerability.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-20T00:00:00' - vendor: BBraun - product: Outlook® Safety Infusion System Pump family + product: APEX® Compounder cves: cve-2021-4104: investigated: false @@ -237,8 +237,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BBraun - product: Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® - Space® Infusion + product: DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software cves: cve-2021-4104: investigated: false @@ -267,7 +266,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BBraun - product: Pump, SpaceStation, and Space® Wireless Battery) + product: Outlook® Safety Infusion System Pump family cves: cve-2021-4104: investigated: false @@ -296,7 +295,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BBraun - product: DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software + product: Pinnacle® Compounder cves: cve-2021-4104: investigated: false @@ -325,7 +324,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BBraun - product: Pinnacle® Compounder + product: Pump, SpaceStation, and Space® Wireless Battery) cves: cve-2021-4104: investigated: false @@ -354,7 +353,8 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BBraun - product: APEX® Compounder + product: Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® + Space® Infusion cves: cve-2021-4104: investigated: false @@ -615,7 +615,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD Knowledge Portal for Infusion Technologies + product: BD Knowledge Portal for BD Pyxis™ Supply cves: cve-2021-4104: investigated: false @@ -644,7 +644,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD Knowledge Portal for Medication Technologies + product: BD Knowledge Portal for Infusion Technologies cves: cve-2021-4104: investigated: false @@ -673,7 +673,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD Knowledge Portal for BD Pyxis™ Supply + product: BD Knowledge Portal for Medication Technologies cves: cve-2021-4104: investigated: false @@ -1049,7 +1049,7 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: BioMerieux + - vendor: Bender product: '' cves: cve-2021-4104: @@ -1073,12 +1073,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.biomerieux.com/en/cybersecurity-data-privacy + - https://www.bender.de/en/cert notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Bender + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Best Practical Request Tracker (RT) and Request Tracker for Incident Response + (RTIR) product: '' cves: cve-2021-4104: @@ -1102,14 +1103,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bender.de/en/cert + - https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Best Practical Request Tracker (RT) and Request Tracker for Incident Response - (RTIR) - product: '' + - vendor: BeyondTrust + product: Privilege Management Cloud cves: cve-2021-4104: investigated: false @@ -1117,9 +1117,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Unknown unaffected_versions: [] cve-2021-45046: investigated: false @@ -1132,13 +1133,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j + - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-17T00:00:00' - vendor: BeyondTrust - product: Privilege Management Cloud + product: Privilege Management Reporting in BeyondInsight cves: cve-2021-4104: investigated: false @@ -1149,7 +1150,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '21.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1168,7 +1169,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: BeyondTrust - product: Privilege Management Reporting in BeyondInsight + product: Secure Remote Access appliances cves: cve-2021-4104: investigated: false @@ -1178,9 +1179,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '21.2' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - Unknown cve-2021-45046: investigated: false affected_versions: [] @@ -1197,8 +1198,8 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: BeyondTrust - product: Secure Remote Access appliances + - vendor: BeyondTrust Bomgar + product: '' cves: cve-2021-4104: investigated: false @@ -1206,11 +1207,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1222,12 +1222,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell + - https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542 notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: BeyondTrust Bomgar + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BioMerieux product: '' cves: cve-2021-4104: @@ -1251,11 +1251,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542 + - https://www.biomerieux.com/en/cybersecurity-data-privacy notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-22T00:00:00' - vendor: BisectHosting product: '' cves: @@ -2590,7 +2590,7 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Boston Scientific + - vendor: Bosch product: '' cves: cve-2021-4104: @@ -2614,12 +2614,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bostonscientific.com/content/dam/bostonscientific/corporate/product-security/bsc_statement_on_apache_log4j-v1.pdf + - https://bosch-iot-suite.com/news/apache-log4j-rce-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Bosch + last_updated: '2021-12-22T00:00:00' + - vendor: Boston Scientific product: '' cves: cve-2021-4104: @@ -2643,11 +2643,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://bosch-iot-suite.com/news/apache-log4j-rce-vulnerability/ + - https://www.bostonscientific.com/content/dam/bostonscientific/corporate/product-security/bsc_statement_on_apache_log4j-v1.pdf notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2021-12-20T00:00:00' - vendor: Box product: '' cves: diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index 648dacb..60b11b6 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -121,7 +121,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: CT Medical Imaging Products + product: Alphenix (Angio Workstation) cves: cve-2021-4104: investigated: false @@ -150,7 +150,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: MR Medical Imaging Products + product: CT Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -179,7 +179,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: UL Medical Imaging Products + product: Infinix-i (Angio Workstation) cves: cve-2021-4104: investigated: false @@ -208,7 +208,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: XR Medical Imaging Products + product: MR Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -266,7 +266,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: Vitrea Advanced 7.x + product: UL Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -295,7 +295,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: Infinix-i (Angio Workstation) + product: Vitrea Advanced 7.x cves: cve-2021-4104: investigated: false @@ -324,7 +324,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: Alphenix (Angio Workstation) + product: XR Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -997,65 +997,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco Common Services Platform Collector - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco Network Services Orchestrator (NSO) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: Cisco System Architecture Evolution Gateway (SAEGW) + product: Cisco ACI Multi-Site Orchestrator cves: cve-2021-4104: investigated: false @@ -1084,7 +1026,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco ACI Multi-Site Orchestrator + product: Cisco ACI Virtual Edge cves: cve-2021-4104: investigated: false @@ -1113,7 +1055,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco ACI Virtual Edge + product: Cisco Adaptive Security Appliance (ASA) Software cves: cve-2021-4104: investigated: false @@ -1142,7 +1084,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco Adaptive Security Appliance (ASA) Software + product: Cisco Advanced Web Security Reporting Application cves: cve-2021-4104: investigated: false @@ -1171,7 +1113,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco Advanced Web Security Reporting Application + product: Cisco AMP Virtual Private Cloud Appliance cves: cve-2021-4104: investigated: false @@ -1200,7 +1142,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco AMP Virtual Private Cloud Appliance + product: Cisco AnyConnect Secure Mobility Client cves: cve-2021-4104: investigated: false @@ -1229,7 +1171,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco AnyConnect Secure Mobility Client + product: Cisco Application Policy Infrastructure Controller (APIC) cves: cve-2021-4104: investigated: false @@ -1258,7 +1200,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco Application Policy Infrastructure Controller (APIC) + product: Cisco ASR 5000 Series Routers cves: cve-2021-4104: investigated: false @@ -1287,7 +1229,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco ASR 5000 Series Routers + product: Cisco Broadcloud Calling cves: cve-2021-4104: investigated: false @@ -1316,7 +1258,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco Broadcloud Calling + product: Cisco BroadWorks cves: cve-2021-4104: investigated: false @@ -1345,7 +1287,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco BroadWorks + product: Cisco Catalyst 9800 Series Wireless Controllers cves: cve-2021-4104: investigated: false @@ -1374,7 +1316,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco Catalyst 9800 Series Wireless Controllers + product: Cisco CloudCenter Suite Admin cves: cve-2021-4104: investigated: false @@ -1403,7 +1345,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco CloudCenter Suite Admin + product: Cisco CloudCenter Workload Manager cves: cve-2021-4104: investigated: false @@ -1432,7 +1374,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco CloudCenter Workload Manager + product: Cisco Cognitive Intelligence cves: cve-2021-4104: investigated: false @@ -1461,7 +1403,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco Cognitive Intelligence + product: Cisco Common Services Platform Collector cves: cve-2021-4104: investigated: false @@ -1866,34 +1808,6 @@ software: references: - '' last_updated: '2022-01-12T07:18:51+00:00' - - vendor: Cisco - product: DUO network gateway (on-prem/self-hosted) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: [] - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco product: Cisco Elastic Services Controller (ESC) cves: @@ -2736,6 +2650,35 @@ software: references: - '' last_updated: '2022-01-12T07:18:51+00:00' + - vendor: Cisco + product: Cisco Network Services Orchestrator (NSO) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco product: Cisco Nexus 5500 Platform Switches cves: @@ -3028,7 +2971,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco Paging Server (InformaCast) + product: Cisco Paging Server cves: cve-2021-4104: investigated: false @@ -3057,7 +3000,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco Paging Server + product: Cisco Paging Server (InformaCast) cves: cve-2021-4104: investigated: false @@ -3665,6 +3608,35 @@ software: references: - '' last_updated: '2022-01-12T07:18:51+00:00' + - vendor: Cisco + product: Cisco System Architecture Evolution Gateway (SAEGW) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco product: Cisco TelePresence Management Suite cves: @@ -3956,7 +3928,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco Unified Contact Center Enterprise - Live Data server + product: Cisco Unified Contact Center Enterprise cves: cve-2021-4104: investigated: false @@ -3985,7 +3957,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco - product: Cisco Unified Contact Center Enterprise + product: Cisco Unified Contact Center Enterprise - Live Data server cves: cve-2021-4104: investigated: false @@ -4419,6 +4391,34 @@ software: references: - '' last_updated: '2022-01-12T07:18:51+00:00' + - vendor: Cisco + product: DUO network gateway (on-prem/self-hosted) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cisco product: duo network gateway (on-prem/self-hosted) cves: @@ -4811,7 +4811,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: ShareFile Storage Zones Controller + product: Citrix Virtual Apps and Desktops (XenApp & XenDesktop) cves: cve-2021-4104: investigated: false @@ -4835,16 +4835,19 @@ software: unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: 'IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: + Customers are advised to apply the latest update as soon as possible to reduce + the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). + See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for + additional mitigations. For CVE-2021-45105: Investigation has shown that Linux + VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, + released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: + Linux VDA LTSR all versions; All other CVAD components.' references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: Citrix Virtual Apps and Desktops (XenApp & XenDesktop) + product: Citrix Workspace App cves: cve-2021-4104: investigated: false @@ -4852,10 +4855,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: investigated: false affected_versions: [] @@ -4868,19 +4872,16 @@ software: unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: 'IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: - Customers are advised to apply the latest update as soon as possible to reduce - the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). - See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for - additional mitigations. For CVE-2021-45105: Investigation has shown that Linux - VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, - released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: - Linux VDA LTSR all versions; All other CVAD components.' + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: Citrix Workspace App + product: ShareFile Storage Zones Controller cves: cve-2021-4104: investigated: false @@ -4888,11 +4889,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -6163,7 +6163,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cloudera - product: Workload XM (SaaS) + product: Workload XM cves: cve-2021-4104: investigated: false @@ -6171,8 +6171,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6192,7 +6193,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Cloudera - product: Workload XM + product: Workload XM (SaaS) cves: cve-2021-4104: investigated: false @@ -6200,9 +6201,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6663,7 +6663,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent Platform + product: Confluent ElasticSearch Sink Connector cves: cve-2021-4104: investigated: false @@ -6673,7 +6673,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <7.0.1 + - <11.1.7 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6723,7 +6723,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent Kafka Connectors + product: Confluent Google DataProc Sink Connector cves: cve-2021-4104: investigated: false @@ -6732,10 +6732,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - <1.1.5 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -6753,7 +6753,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent ElasticSearch Sink Connector + product: Confluent HDFS 2 Sink Connector cves: cve-2021-4104: investigated: false @@ -6763,7 +6763,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <11.1.7 + - <10.1.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6783,7 +6783,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent Google DataProc Sink Connector + product: Confluent HDFS 3 Sink Connector cves: cve-2021-4104: investigated: false @@ -6793,7 +6793,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <1.1.5 + - <1.1.8 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6813,7 +6813,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent Splunk Sink Connector + product: Confluent Kafka Connectors cves: cve-2021-4104: investigated: false @@ -6822,10 +6822,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <2.05 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6843,7 +6843,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent HDFS 2 Sink Connector + product: Confluent Platform cves: cve-2021-4104: investigated: false @@ -6853,7 +6853,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <10.1.3 + - <7.0.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6873,7 +6873,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Confluent - product: Confluent HDFS 3 Sink Connector + product: Confluent Splunk Sink Connector cves: cve-2021-4104: investigated: false @@ -6883,7 +6883,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - <1.1.8 + - <2.05 fixed_versions: [] unaffected_versions: [] cve-2021-45046: diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 1fefa45..1a63d55 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -34,7 +34,7 @@ software: - '' last_updated: '2022-01-06T00:00:00' - vendor: Daktronics - product: Data Vision Software (DVS) + product: Dakronics Media Player cves: cve-2021-4104: investigated: false @@ -42,10 +42,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - DMP (any series) cve-2021-45046: investigated: false affected_versions: [] @@ -58,8 +59,7 @@ software: unaffected_versions: [] vendor_links: - https://www.daktronics.com/en-us/support/kb/000025337 - notes: DVS has one microservice that uses Log4j, but it uses a version that is - not impacted. + notes: '' references: - '' last_updated: '2022-01-06T00:00:00' @@ -95,7 +95,7 @@ software: - '' last_updated: '2022-01-06T00:00:00' - vendor: Daktronics - product: Dakronics Media Player + product: Data Vision Software (DVS) cves: cve-2021-4104: investigated: false @@ -103,11 +103,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - DMP (any series) + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -120,7 +119,8 @@ software: unaffected_versions: [] vendor_links: - https://www.daktronics.com/en-us/support/kb/000025337 - notes: '' + notes: DVS has one microservice that uses Log4j, but it uses a version that is + not impacted. references: - '' last_updated: '2022-01-06T00:00:00' @@ -882,7 +882,7 @@ software: - '' last_updated: '2022-01-12T07:18:51+00:00' - vendor: Dell - product: Alienware Command Center + product: '"Dell EMC PowerMax VMAX VMAX3 and VMAX AFA"' cves: cve-2021-4104: investigated: false @@ -912,7 +912,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Alienware OC Controls + product: '"Dell EMC PowerSwitch Z9264F-ON BMC Dell EMC PowerSwitch Z9432F-ON BMC"' cves: cve-2021-4104: investigated: false @@ -942,7 +942,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Alienware On Screen Display + product: Alienware Command Center cves: cve-2021-4104: investigated: false @@ -972,7 +972,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Alienware Update + product: Alienware OC Controls cves: cve-2021-4104: investigated: false @@ -1002,7 +1002,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Atmos + product: Alienware On Screen Display cves: cve-2021-4104: investigated: false @@ -1032,7 +1032,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Azure Stack HCI + product: Alienware Update cves: cve-2021-4104: investigated: false @@ -1062,7 +1062,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: CalMAN Powered Calibration Firmware + product: APEX Console cves: cve-2021-4104: investigated: false @@ -1072,9 +1072,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1087,12 +1087,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Cloud environment patched references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: CalMAN Ready for Dell + product: APEX Data Storage Services cves: cve-2021-4104: investigated: false @@ -1100,11 +1100,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1117,12 +1116,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Cloud environment patch in progress references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Centera + product: Atmos cves: cve-2021-4104: investigated: false @@ -1152,7 +1151,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Chameleon Linux Based Diagnostics + product: Azure Stack HCI cves: cve-2021-4104: investigated: false @@ -1182,7 +1181,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Chassis Management Controller (CMC) + product: CalMAN Powered Calibration Firmware cves: cve-2021-4104: investigated: false @@ -1212,7 +1211,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: China HDD Deluxe + product: CalMAN Ready for Dell cves: cve-2021-4104: investigated: false @@ -1242,7 +1241,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Cloud Mobility for Dell EMC Storage + product: Centera cves: cve-2021-4104: investigated: false @@ -1272,7 +1271,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Cloud Tiering Appliance + product: Chameleon Linux Based Diagnostics cves: cve-2021-4104: investigated: false @@ -1302,7 +1301,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Connectrix (Cisco MDS 9000 switches) + product: Chassis Management Controller (CMC) cves: cve-2021-4104: investigated: false @@ -1332,7 +1331,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Connextrix B Series + product: China HDD Deluxe cves: cve-2021-4104: investigated: false @@ -1362,7 +1361,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: CyberSecIQ Application + product: Cloud IQ cves: cve-2021-4104: investigated: false @@ -1370,11 +1369,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1387,12 +1385,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Cloud environment patched references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: CyberSense for PowerProtect Cyber Recovery + product: Cloud Mobility for Dell EMC Storage cves: cve-2021-4104: investigated: false @@ -1422,7 +1420,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell BSAFE Crypto-C Micro Edition + product: Cloud Tiering Appliance cves: cve-2021-4104: investigated: false @@ -1452,7 +1450,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell BSAFE Crypto-J + product: Connectrix (Cisco MDS 9000 switches) cves: cve-2021-4104: investigated: false @@ -1482,7 +1480,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell BSAFE Micro Edition Suite + product: Connectrix (Cisco MDS DCNM) cves: cve-2021-4104: investigated: false @@ -1490,11 +1488,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1507,12 +1504,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/23/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Calibration Assistant + product: Connectrix B-Series SANnav cves: cve-2021-4104: investigated: false @@ -1521,10 +1518,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 2.1.1 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1537,12 +1534,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 3/31/2022 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Cinema Color + product: Connextrix B Series cves: cve-2021-4104: investigated: false @@ -1572,7 +1569,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Cloud Command Repository Manager + product: CyberSecIQ Application cves: cve-2021-4104: investigated: false @@ -1602,7 +1599,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Cloud Management Agent + product: CyberSense for PowerProtect Cyber Recovery cves: cve-2021-4104: investigated: false @@ -1632,7 +1629,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Color Management + product: Data Domain OS cves: cve-2021-4104: investigated: false @@ -1641,10 +1638,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions between 7.3.0.5 and 7.7.0.6;Versions before 7.6.0.30 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1657,12 +1654,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-274 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Configure + product: Dell BSAFE Crypto-C Micro Edition cves: cve-2021-4104: investigated: false @@ -1692,7 +1689,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Integration Suite for System Center + product: Dell BSAFE Crypto-J cves: cve-2021-4104: investigated: false @@ -1722,7 +1719,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Intel vPro Out of Band + product: Dell BSAFE Micro Edition Suite cves: cve-2021-4104: investigated: false @@ -1752,7 +1749,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Monitor + product: Dell Calibration Assistant cves: cve-2021-4104: investigated: false @@ -1782,7 +1779,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Power Manager + product: Dell Cinema Color cves: cve-2021-4104: investigated: false @@ -1812,7 +1809,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command PowerShell Provider + product: Dell Cloud Command Repository Manager cves: cve-2021-4104: investigated: false @@ -1842,7 +1839,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Update + product: Dell Cloud Management Agent cves: cve-2021-4104: investigated: false @@ -1872,7 +1869,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Customer Connect + product: Dell Color Management cves: cve-2021-4104: investigated: false @@ -1902,7 +1899,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Guardian* + product: Dell Command Configure cves: cve-2021-4104: investigated: false @@ -1932,7 +1929,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Protection* + product: Dell Command Integration Suite for System Center cves: cve-2021-4104: investigated: false @@ -1962,7 +1959,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Recovery Environment + product: Dell Command Intel vPro Out of Band cves: cve-2021-4104: investigated: false @@ -1992,7 +1989,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Vault + product: Dell Command Monitor cves: cve-2021-4104: investigated: false @@ -2022,7 +2019,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Vault for Chrome OS + product: Dell Command Power Manager cves: cve-2021-4104: investigated: false @@ -2052,7 +2049,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Deployment Agent + product: Dell Command PowerShell Provider cves: cve-2021-4104: investigated: false @@ -2082,7 +2079,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Digital Delivery + product: Dell Command Update cves: cve-2021-4104: investigated: false @@ -2112,7 +2109,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Direct USB Key + product: Dell Customer Connect cves: cve-2021-4104: investigated: false @@ -2142,7 +2139,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Display Manager 1.5 for Windows / macOS + product: Dell Data Guardian* cves: cve-2021-4104: investigated: false @@ -2172,7 +2169,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Display Manager 2.0 for Windows / macOS + product: Dell Data Protection* cves: cve-2021-4104: investigated: false @@ -2202,7 +2199,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC AppSync + product: Dell Data Recovery Environment cves: cve-2021-4104: investigated: false @@ -2232,7 +2229,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Cloudboost + product: Dell Data Vault cves: cve-2021-4104: investigated: false @@ -2262,7 +2259,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC CloudLink + product: Dell Data Vault for Chrome OS cves: cve-2021-4104: investigated: false @@ -2292,7 +2289,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Container Storage Modules + product: Dell Deployment Agent cves: cve-2021-4104: investigated: false @@ -2322,7 +2319,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Data Computing Appliance (DCA) + product: Dell Digital Delivery cves: cve-2021-4104: investigated: false @@ -2352,7 +2349,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Data Protection Advisor + product: Dell Direct USB Key cves: cve-2021-4104: investigated: false @@ -2382,7 +2379,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC DataIQ + product: Dell Display Manager 1.5 for Windows / macOS cves: cve-2021-4104: investigated: false @@ -2412,7 +2409,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Disk Library for Mainframe + product: Dell Display Manager 2.0 for Windows / macOS cves: cve-2021-4104: investigated: false @@ -2442,7 +2439,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC GeoDrive + product: Dell EMC AppSync cves: cve-2021-4104: investigated: false @@ -2472,7 +2469,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Isilon InsightIQ + product: Dell EMC Avamar cves: cve-2021-4104: investigated: false @@ -2481,10 +2478,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"18.2 19.1 19.2 19.3 19.4"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2497,12 +2494,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC License Manager + product: Dell EMC BSN Controller Node cves: cve-2021-4104: investigated: false @@ -2510,11 +2507,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2527,12 +2523,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-305 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Networking Onie + product: Dell EMC Cloud Disaster Recovery cves: cve-2021-4104: investigated: false @@ -2541,10 +2537,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + affected_versions: - N/A + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2557,12 +2553,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Ansible Modules + product: Dell EMC Cloudboost cves: cve-2021-4104: investigated: false @@ -2592,7 +2588,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage integration for Splunk + product: Dell EMC CloudLink cves: cve-2021-4104: investigated: false @@ -2622,7 +2618,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Integration for VMware vCenter + product: Dell EMC Container Storage Modules cves: cve-2021-4104: investigated: false @@ -2652,7 +2648,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Management pack for vRealize Operations + product: Dell EMC Data Computing Appliance (DCA) cves: cve-2021-4104: investigated: false @@ -2682,8 +2678,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Operations Connector for Micro Focus Operations Bridge - Manager + product: Dell EMC Data Protection Advisor cves: cve-2021-4104: investigated: false @@ -2713,7 +2708,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: '"Dell EMC PowerMax VMAX VMAX3 and VMAX AFA"' + product: Dell EMC Data Protection Central cves: cve-2021-4104: investigated: false @@ -2721,11 +2716,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2738,12 +2732,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021- 269 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerPath + product: Dell EMC Data Protection Search cves: cve-2021-4104: investigated: false @@ -2752,10 +2746,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions before 19.5.0.7 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2768,12 +2762,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-279 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerPath Management Appliance + product: Dell EMC DataIQ cves: cve-2021-4104: investigated: false @@ -2803,7 +2797,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerProtect Cyber Recovery + product: Dell EMC Disk Library for Mainframe cves: cve-2021-4104: investigated: false @@ -2833,7 +2827,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerScale OneFS + product: Dell EMC ECS cves: cve-2021-4104: investigated: false @@ -2841,11 +2835,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2858,12 +2851,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/18/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerShell for PowerMax + product: Dell EMC Enterprise Storage Analytics for vRealize Operations cves: cve-2021-4104: investigated: false @@ -2872,10 +2865,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"<6.0.0 6.1.0 6.2.x"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2888,12 +2881,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-278 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerShell for Powerstore + product: Dell EMC GeoDrive cves: cve-2021-4104: investigated: false @@ -2923,7 +2916,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerShell for Unity + product: Dell EMC Integrated System for Azure Stack HCI cves: cve-2021-4104: investigated: false @@ -2932,10 +2925,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + affected_versions: - N/A + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2948,12 +2941,16 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: '"Dell EMC Integrated System for Azure Stack HCI is not impacted by this + advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect + Gateway (SCG) were optionally installed with Dell EMC Integrated System for + Azure Stack HCI monitor the following advisories. Apply workaround guidance + and remediations as they become [available:](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: '"Dell EMC PowerSwitch Z9264F-ON BMC Dell EMC PowerSwitch Z9432F-ON BMC"' + product: Dell EMC Integrated System for Microsoft Azure Stack Hub cves: cve-2021-4104: investigated: false @@ -2962,10 +2959,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + affected_versions: - N/A + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2978,12 +2975,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerVault ME4 Series Storage Arrays + product: Dell EMC Isilon InsightIQ cves: cve-2021-4104: investigated: false @@ -3013,7 +3010,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerVault MD3 Series Storage Arrays + product: Dell EMC License Manager cves: cve-2021-4104: investigated: false @@ -3043,7 +3040,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Repository Manager (DRM) + product: Dell EMC Metro Node cves: cve-2021-4104: investigated: false @@ -3052,10 +3049,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 7.0.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3068,12 +3065,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-308 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC SourceOne + product: Dell EMC NetWorker Server cves: cve-2021-4104: investigated: false @@ -3082,10 +3079,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"19.5.x 19.4.x 19.3.x"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3098,12 +3095,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Systems Update (DSU) + product: Dell EMC NetWorker Virtual Edition cves: cve-2021-4104: investigated: false @@ -3112,10 +3109,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"19.5.x 19.4.x 19.3.x"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3128,12 +3125,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Unisphere 360 + product: Dell EMC Networking Onie cves: cve-2021-4104: investigated: false @@ -3163,7 +3160,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Virtual Storage Integrator + product: Dell EMC Networking Virtual Edge Platform with VersaOS cves: cve-2021-4104: investigated: false @@ -3172,10 +3169,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"with Versa Concerto with Versa Analytics with Versa Concero Director"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3188,12 +3185,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-304 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC VPLEX + product: Dell EMC OpenManage Ansible Modules cves: cve-2021-4104: investigated: false @@ -3223,7 +3220,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC XtremIO + product: Dell EMC OpenManage integration for Splunk cves: cve-2021-4104: investigated: false @@ -3253,7 +3250,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Encryption Enterprise* + product: Dell EMC OpenManage Integration for VMware vCenter cves: cve-2021-4104: investigated: false @@ -3283,7 +3280,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Encryption Personal* + product: Dell EMC OpenManage Management pack for vRealize Operations cves: cve-2021-4104: investigated: false @@ -3313,7 +3310,8 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Endpoint Security Suite Enterprise* + product: Dell EMC OpenManage Operations Connector for Micro Focus Operations Bridge + Manager cves: cve-2021-4104: investigated: false @@ -3343,7 +3341,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Hybrid Client + product: Dell EMC PowerFlex Appliance cves: cve-2021-4104: investigated: false @@ -3352,10 +3350,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"All versions up to Intelligent Catalog 38_356_00_r10.zip All versions + up to Intelligent Catalog 38_362_00_r7.zip"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3368,12 +3367,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell ImageAssist + product: Dell EMC PowerFlex Rack cves: cve-2021-4104: investigated: false @@ -3382,10 +3381,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + affected_versions: - N/A + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3398,12 +3397,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Insights Client + product: Dell EMC PowerFlex Software (SDS) cves: cve-2021-4104: investigated: false @@ -3412,10 +3411,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"3.5 3.5.1 3.5.1.1 3.5.1.2 3.5.1.3 3.5.1.4 3.6 3.6.0.1 3.6.0.2"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3428,12 +3427,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Linux Assistant + product: Dell EMC PowerPath cves: cve-2021-4104: investigated: false @@ -3463,7 +3462,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Mobile Connect + product: Dell EMC PowerPath Management Appliance cves: cve-2021-4104: investigated: false @@ -3493,7 +3492,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Monitor ISP (Windows/Mac/Linux) + product: Dell EMC PowerProtect Cyber Recovery cves: cve-2021-4104: investigated: false @@ -3523,7 +3522,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Monitor SDK + product: Dell EMC PowerProtect Data Manager cves: cve-2021-4104: investigated: false @@ -3532,10 +3531,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All versions 19.9 and earlier fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3548,12 +3547,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Networking X-Series + product: Dell EMC PowerProtect DP Series Appliance (iDPA) cves: cve-2021-4104: investigated: false @@ -3562,10 +3561,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 2.7.0 and earlier fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3578,12 +3577,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Manage Mobile + product: Dell EMC PowerScale OneFS cves: cve-2021-4104: investigated: false @@ -3613,7 +3612,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Manage Server Administrator + product: Dell EMC PowerShell for PowerMax cves: cve-2021-4104: investigated: false @@ -3643,7 +3642,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OpenManage Change Management + product: Dell EMC PowerShell for Powerstore cves: cve-2021-4104: investigated: false @@ -3673,7 +3672,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OpenManage Enterprise Power Manager Plugin + product: Dell EMC PowerShell for Unity cves: cve-2021-4104: investigated: false @@ -3703,7 +3702,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Optimizer + product: Dell EMC PowerStore cves: cve-2021-4104: investigated: false @@ -3711,11 +3710,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3728,12 +3726,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/23/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OS Recovery Tool + product: Dell EMC PowerVault MD3 Series Storage Arrays cves: cve-2021-4104: investigated: false @@ -3763,7 +3761,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Peripheral Manager 1.4 / 1.5 for Windows + product: Dell EMC PowerVault ME4 Series Storage Arrays cves: cve-2021-4104: investigated: false @@ -3793,7 +3791,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Platform Service + product: Dell EMC RecoverPoint Classic cves: cve-2021-4104: investigated: false @@ -3802,10 +3800,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All 5.1.x and later versions fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3818,12 +3816,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Power Manager + product: Dell EMC RecoverPoint for Virtual Machine cves: cve-2021-4104: investigated: false @@ -3832,10 +3830,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All 5.0.x and later versions fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3848,12 +3846,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Power Manager Lite + product: Dell EMC Repository Manager (DRM) cves: cve-2021-4104: investigated: false @@ -3883,7 +3881,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Precision Optimizer + product: Dell EMC Ruckus SmartZone 100 Controller cves: cve-2021-4104: investigated: false @@ -3891,11 +3889,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3908,12 +3905,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-303 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Precision Optimizer for Linux + product: Dell EMC Ruckus SmartZone 300 Controller cves: cve-2021-4104: investigated: false @@ -3921,11 +3918,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3938,12 +3934,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-303 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Premier Color + product: Dell EMC Ruckus Virtual Software cves: cve-2021-4104: investigated: false @@ -3951,11 +3947,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3968,12 +3963,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-303 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Recovery (Linux) + product: Dell EMC SourceOne cves: cve-2021-4104: investigated: false @@ -4003,7 +3998,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Remediation Platform + product: Dell EMC SRM vApp cves: cve-2021-4104: investigated: false @@ -4012,10 +4007,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions before 4.6.0.2 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4028,12 +4023,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 1/25/2022 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Remote Execution Engine (DRONE) + product: Dell EMC Streaming Data Platform cves: cve-2021-4104: investigated: false @@ -4041,11 +4036,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4058,12 +4052,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/18/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Security Advisory Update - DSA-2021-088 + product: Dell EMC Systems Update (DSU) cves: cve-2021-4104: investigated: false @@ -4093,7 +4087,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Security Management Server & Dell Security Management Server Virtual* + product: Dell EMC Unisphere 360 cves: cve-2021-4104: investigated: false @@ -4123,7 +4117,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell SupportAssist SOS + product: Dell EMC Unity cves: cve-2021-4104: investigated: false @@ -4131,11 +4125,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4148,12 +4141,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/29/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Thin OS + product: Dell EMC Virtual Storage Integrator cves: cve-2021-4104: investigated: false @@ -4183,7 +4176,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Threat Defense + product: Dell EMC VPLEX cves: cve-2021-4104: investigated: false @@ -4213,7 +4206,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell True Color + product: Dell EMC VxRail cves: cve-2021-4104: investigated: false @@ -4222,10 +4215,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '"4.5.x 4.7.x 7.0.x"' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4238,12 +4231,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Trusted Device + product: Dell EMC XtremIO cves: cve-2021-4104: investigated: false @@ -4273,7 +4266,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Update + product: Dell Encryption Enterprise* cves: cve-2021-4104: investigated: false @@ -4303,7 +4296,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dream Catcher + product: Dell Encryption Personal* cves: cve-2021-4104: investigated: false @@ -4333,7 +4326,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: DUP Creation Service + product: Dell Endpoint Security Suite Enterprise* cves: cve-2021-4104: investigated: false @@ -4363,7 +4356,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: DUP Framework (ISG) + product: Dell Hybrid Client cves: cve-2021-4104: investigated: false @@ -4393,7 +4386,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Embedded NAS + product: Dell ImageAssist cves: cve-2021-4104: investigated: false @@ -4423,7 +4416,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Embedded Service Enabler + product: Dell Insights Client cves: cve-2021-4104: investigated: false @@ -4453,7 +4446,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Equallogic PS + product: Dell Linux Assistant cves: cve-2021-4104: investigated: false @@ -4483,7 +4476,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Fluid FS + product: Dell Mobile Connect cves: cve-2021-4104: investigated: false @@ -4513,7 +4506,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: iDRAC Service Module (iSM) + product: Dell Monitor ISP (Windows/Mac/Linux) cves: cve-2021-4104: investigated: false @@ -4543,7 +4536,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Infinity MLK (firmware) + product: Dell Monitor SDK cves: cve-2021-4104: investigated: false @@ -4573,7 +4566,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Integrated Dell Remote Access Controller (iDRAC) + product: Dell Networking X-Series cves: cve-2021-4104: investigated: false @@ -4603,7 +4596,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: ISG Accelerators + product: Dell Open Manage Mobile cves: cve-2021-4104: investigated: false @@ -4633,7 +4626,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: ISG Board & Electrical + product: Dell Open Manage Server Administrator cves: cve-2021-4104: investigated: false @@ -4663,7 +4656,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: IsilonSD Management Server + product: Dell Open Management Enterprise - Modular cves: cve-2021-4104: investigated: false @@ -4672,10 +4665,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - <1.40.10 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4688,12 +4681,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-268 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: IVE-WinDiag + product: Dell OpenManage Change Management cves: cve-2021-4104: investigated: false @@ -4723,7 +4716,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Mainframe Enablers + product: Dell OpenManage Enterprise Power Manager Plugin cves: cve-2021-4104: investigated: false @@ -4753,7 +4746,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: My Dell + product: Dell Optimizer cves: cve-2021-4104: investigated: false @@ -4783,7 +4776,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: MyDell Mobile + product: Dell OS Recovery Tool cves: cve-2021-4104: investigated: false @@ -4813,7 +4806,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: NetWorker Management Console + product: Dell Peripheral Manager 1.4 / 1.5 for Windows cves: cve-2021-4104: investigated: false @@ -4843,7 +4836,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking BIOS + product: Dell Platform Service cves: cve-2021-4104: investigated: false @@ -4873,7 +4866,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking DIAG + product: Dell Power Manager cves: cve-2021-4104: investigated: false @@ -4903,7 +4896,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking N-Series + product: Dell Power Manager Lite cves: cve-2021-4104: investigated: false @@ -4933,7 +4926,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking OS 10 + product: Dell Precision Optimizer cves: cve-2021-4104: investigated: false @@ -4963,7 +4956,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking OS9 + product: Dell Precision Optimizer for Linux cves: cve-2021-4104: investigated: false @@ -4993,7 +4986,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking SD-WAN Edge SD-WAN + product: Dell Premier Color cves: cve-2021-4104: investigated: false @@ -5023,7 +5016,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking W-Series + product: Dell Recovery (Linux) cves: cve-2021-4104: investigated: false @@ -5053,7 +5046,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking X-Series + product: Dell Remediation Platform cves: cve-2021-4104: investigated: false @@ -5083,7 +5076,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OMIMSSC (OpenManage Integration for Microsoft System Center) + product: Dell Remote Execution Engine (DRONE) cves: cve-2021-4104: investigated: false @@ -5113,7 +5106,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OMNIA + product: Dell Security Advisory Update - DSA-2021-088 cves: cve-2021-4104: investigated: false @@ -5143,7 +5136,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Connections - Nagios + product: Dell Security Management Server & Dell Security Management Server Virtual* cves: cve-2021-4104: investigated: false @@ -5173,7 +5166,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Connections - ServiceNow + product: Dell SupportAssist SOS cves: cve-2021-4104: investigated: false @@ -5203,8 +5196,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Integration for Microsoft System Center for System Center - Operations Manager + product: Dell Thin OS cves: cve-2021-4104: investigated: false @@ -5234,7 +5226,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Integration with Microsoft Windows Admin Center + product: Dell Threat Defense cves: cve-2021-4104: investigated: false @@ -5264,7 +5256,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Network Integration + product: Dell True Color cves: cve-2021-4104: investigated: false @@ -5294,7 +5286,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerConnect N3200 + product: Dell Trusted Device cves: cve-2021-4104: investigated: false @@ -5324,7 +5316,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerConnect PC2800 + product: Dell Update cves: cve-2021-4104: investigated: false @@ -5354,7 +5346,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerConnect PC8100 + product: DellEMC OpenManage Enterprise Services cves: cve-2021-4104: investigated: false @@ -5362,11 +5354,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5379,12 +5370,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerEdge BIOS + product: Dream Catcher cves: cve-2021-4104: investigated: false @@ -5414,7 +5405,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerEdge Operating Systems + product: DUP Creation Service cves: cve-2021-4104: investigated: false @@ -5444,7 +5435,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerTools Agent + product: DUP Framework (ISG) cves: cve-2021-4104: investigated: false @@ -5474,7 +5465,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PPDM Kubernetes cProxy + product: Embedded NAS cves: cve-2021-4104: investigated: false @@ -5504,7 +5495,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PPDM VMware vProxy + product: Embedded Service Enabler cves: cve-2021-4104: investigated: false @@ -5534,7 +5525,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Redtail + product: Enterprise Hybrid Cloud cves: cve-2021-4104: investigated: false @@ -5542,11 +5533,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5559,12 +5549,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: '[link](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Remotely Anywhere + product: Equallogic PS cves: cve-2021-4104: investigated: false @@ -5594,7 +5584,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Riptide (firmware) + product: Fluid FS cves: cve-2021-4104: investigated: false @@ -5624,7 +5614,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Rugged Control Center (RCC) + product: iDRAC Service Module (iSM) cves: cve-2021-4104: investigated: false @@ -5654,7 +5644,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SD ROM Utility + product: Infinity MLK (firmware) cves: cve-2021-4104: investigated: false @@ -5684,7 +5674,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SDNAS + product: Integrated Dell Remote Access Controller (iDRAC) cves: cve-2021-4104: investigated: false @@ -5714,7 +5704,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Server Storage + product: ISG Accelerators cves: cve-2021-4104: investigated: false @@ -5744,7 +5734,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Smart Fabric Storage Software + product: ISG Board & Electrical cves: cve-2021-4104: investigated: false @@ -5774,7 +5764,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SmartByte + product: IsilonSD Management Server cves: cve-2021-4104: investigated: false @@ -5804,7 +5794,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SMI-S + product: IVE-WinDiag cves: cve-2021-4104: investigated: false @@ -5834,7 +5824,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Software RAID + product: Mainframe Enablers cves: cve-2021-4104: investigated: false @@ -5864,7 +5854,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Solutions Enabler + product: My Dell cves: cve-2021-4104: investigated: false @@ -5894,7 +5884,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Solutions Enabler vApp + product: MyDell Mobile cves: cve-2021-4104: investigated: false @@ -5924,7 +5914,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Sonic + product: NetWorker Management Console cves: cve-2021-4104: investigated: false @@ -5954,7 +5944,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SRS VE + product: Networking BIOS cves: cve-2021-4104: investigated: false @@ -5984,7 +5974,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Storage Center OS and additional SC applications unless otherwise noted + product: Networking DIAG cves: cve-2021-4104: investigated: false @@ -6014,7 +6004,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SupportAssist Client Commercial + product: Networking N-Series cves: cve-2021-4104: investigated: false @@ -6044,7 +6034,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SupportAssist Client Consumer + product: Networking OS 10 cves: cve-2021-4104: investigated: false @@ -6074,7 +6064,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: UCC Edge + product: Networking OS9 cves: cve-2021-4104: investigated: false @@ -6104,7 +6094,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere for PowerMax + product: Networking SD-WAN Edge SD-WAN cves: cve-2021-4104: investigated: false @@ -6134,7 +6124,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere for PowerMax vApp + product: Networking W-Series cves: cve-2021-4104: investigated: false @@ -6164,7 +6154,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere for VMAX + product: Networking X-Series cves: cve-2021-4104: investigated: false @@ -6194,7 +6184,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere for VNX + product: OMIMSSC (OpenManage Integration for Microsoft System Center) cves: cve-2021-4104: investigated: false @@ -6224,7 +6214,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Update Manager Plugin + product: OMNIA cves: cve-2021-4104: investigated: false @@ -6254,7 +6244,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: ViPR Controller + product: OpenManage Connections - Nagios cves: cve-2021-4104: investigated: false @@ -6284,7 +6274,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNX1 + product: OpenManage Connections - ServiceNow cves: cve-2021-4104: investigated: false @@ -6314,7 +6304,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNX2 + product: OpenManage Enterprise cves: cve-2021-4104: investigated: false @@ -6322,11 +6312,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -6339,12 +6328,13 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/19/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VPLEX VS2/VS6 / VPLEX Witness + product: OpenManage Integration for Microsoft System Center for System Center + Operations Manager cves: cve-2021-4104: investigated: false @@ -6374,7 +6364,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Vsan Ready Nodes + product: OpenManage Integration with Microsoft Windows Admin Center cves: cve-2021-4104: investigated: false @@ -6404,7 +6394,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Warnado MLK (firmware) + product: OpenManage Network Integration cves: cve-2021-4104: investigated: false @@ -6434,7 +6424,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Wyse Proprietary OS (ThinOS) + product: PowerConnect N3200 cves: cve-2021-4104: investigated: false @@ -6464,7 +6454,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Wyse Windows Embedded Suite + product: PowerConnect PC2800 cves: cve-2021-4104: investigated: false @@ -6494,7 +6484,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: APEX Console + product: PowerConnect PC8100 cves: cve-2021-4104: investigated: false @@ -6504,9 +6494,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - N/A - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -6519,12 +6509,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patched + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: APEX Data Storage Services + product: PowerEdge BIOS cves: cve-2021-4104: investigated: false @@ -6532,10 +6522,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6548,12 +6539,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patch in progress + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Cloud IQ + product: PowerEdge Operating Systems cves: cve-2021-4104: investigated: false @@ -6561,10 +6552,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6577,12 +6569,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patched + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Connectrix (Cisco MDS DCNM) + product: PowerTools Agent cves: cve-2021-4104: investigated: false @@ -6590,10 +6582,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6606,12 +6599,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Connectrix B-Series SANnav + product: PPDM Kubernetes cProxy cves: cve-2021-4104: investigated: false @@ -6620,10 +6613,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.1.1 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6636,12 +6629,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 3/31/2022 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Data Domain OS + product: PPDM VMware vProxy cves: cve-2021-4104: investigated: false @@ -6650,10 +6643,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions between 7.3.0.5 and 7.7.0.6;Versions before 7.6.0.30 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6666,12 +6659,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-274 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Avamar + product: Redtail cves: cve-2021-4104: investigated: false @@ -6680,10 +6673,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"18.2 19.1 19.2 19.3 19.4"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6696,12 +6689,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC BSN Controller Node + product: Remotely Anywhere cves: cve-2021-4104: investigated: false @@ -6709,10 +6702,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6725,12 +6719,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-305 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Cloud Disaster Recovery + product: Riptide (firmware) cves: cve-2021-4104: investigated: false @@ -6739,39 +6733,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - N/A - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC Data Protection Central - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6784,12 +6749,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021- 269 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Data Protection Search + product: Rugged Control Center (RCC) cves: cve-2021-4104: investigated: false @@ -6798,10 +6763,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions before 19.5.0.7 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6814,12 +6779,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-279 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC ECS + product: SD ROM Utility cves: cve-2021-4104: investigated: false @@ -6827,10 +6792,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6843,12 +6809,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/18/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Enterprise Hybrid Cloud + product: SDNAS cves: cve-2021-4104: investigated: false @@ -6856,10 +6822,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6872,12 +6839,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '[link](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Enterprise Storage Analytics for vRealize Operations + product: Secure Connect Gateway (SCG) Appliance cves: cve-2021-4104: investigated: false @@ -6887,7 +6854,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"<6.0.0 6.1.0 6.2.x"' + - '"5.00.00 5.00.05 and 4.0.06 and earlier versions (OVF and VHD)"' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6902,12 +6869,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-278 + notes: See DSA-2021-282 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Integrated System for Azure Stack HCI + product: Secure Connect Gateway (SCG) Policy Manager cves: cve-2021-4104: investigated: false @@ -6917,7 +6884,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - N/A + - '"5.00.00.10 5.00.05.10"' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6932,16 +6899,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '"Dell EMC Integrated System for Azure Stack HCI is not impacted by this - advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect - Gateway (SCG) were optionally installed with Dell EMC Integrated System for - Azure Stack HCI monitor the following advisories. Apply workaround guidance - and remediations as they become [available:](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + notes: See DSA-2021-281 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Integrated System for Microsoft Azure Stack Hub + product: Server Storage cves: cve-2021-4104: investigated: false @@ -6950,10 +6913,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - N/A + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6966,12 +6929,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC NetWorker Virtual Edition + product: Smart Fabric Storage Software cves: cve-2021-4104: investigated: false @@ -6980,10 +6943,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"19.5.x 19.4.x 19.3.x"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -6996,12 +6959,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC NetWorker Server + product: SmartByte cves: cve-2021-4104: investigated: false @@ -7010,10 +6973,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"19.5.x 19.4.x 19.3.x"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7026,12 +6989,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Networking Virtual Edge Platform with VersaOS + product: SMI-S cves: cve-2021-4104: investigated: false @@ -7040,10 +7003,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"with Versa Concerto with Versa Analytics with Versa Concero Director"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7056,12 +7019,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-304 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerFlex Appliance + product: Software RAID cves: cve-2021-4104: investigated: false @@ -7070,11 +7033,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"All versions up to Intelligent Catalog 38_356_00_r10.zip All versions - up to Intelligent Catalog 38_362_00_r7.zip"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7087,12 +7049,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerFlex Software (SDS) + product: Solutions Enabler cves: cve-2021-4104: investigated: false @@ -7101,10 +7063,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"3.5 3.5.1 3.5.1.1 3.5.1.2 3.5.1.3 3.5.1.4 3.6 3.6.0.1 3.6.0.2"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7117,12 +7079,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerFlex Rack + product: Solutions Enabler vApp cves: cve-2021-4104: investigated: false @@ -7131,10 +7093,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - N/A + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7147,12 +7109,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerProtect Data Manager + product: Sonic cves: cve-2021-4104: investigated: false @@ -7161,10 +7123,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All versions 19.9 and earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7177,12 +7139,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerProtect DP Series Appliance (iDPA) + product: SRS Policy Manager cves: cve-2021-4104: investigated: false @@ -7192,7 +7154,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 2.7.0 and earlier + - '7' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7212,7 +7174,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerStore + product: SRS VE cves: cve-2021-4104: investigated: false @@ -7220,10 +7182,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7236,12 +7199,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC RecoverPoint for Virtual Machine + product: Storage Center - Dell Storage Manager cves: cve-2021-4104: investigated: false @@ -7249,9 +7212,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All 5.0.x and later versions + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7271,7 +7233,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC RecoverPoint Classic + product: Storage Center OS and additional SC applications unless otherwise noted cves: cve-2021-4104: investigated: false @@ -7280,10 +7242,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All 5.1.x and later versions + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7296,12 +7258,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC SRM vApp + product: SupportAssist Client Commercial cves: cve-2021-4104: investigated: false @@ -7310,10 +7272,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions before 4.6.0.2 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7326,12 +7288,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 1/25/2022 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Streaming Data Platform + product: SupportAssist Client Consumer cves: cve-2021-4104: investigated: false @@ -7339,10 +7301,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7355,12 +7318,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/18/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Unity + product: SupportAssist Enterprise cves: cve-2021-4104: investigated: false @@ -7384,12 +7347,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/29/21 + notes: Patch expected by 12/23/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Metro Node + product: UCC Edge cves: cve-2021-4104: investigated: false @@ -7398,10 +7361,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 7.0.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7414,12 +7377,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-308 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC VxRail + product: Unisphere Central cves: cve-2021-4104: investigated: false @@ -7427,9 +7390,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '"4.5.x 4.7.x 7.0.x"' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7444,12 +7406,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: Patch expected by 1/10/2022 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Management Enterprise - Modular + product: Unisphere for PowerMax cves: cve-2021-4104: investigated: false @@ -7458,10 +7420,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <1.40.10 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7474,12 +7436,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-268 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: DellEMC OpenManage Enterprise Services + product: Unisphere for PowerMax vApp cves: cve-2021-4104: investigated: false @@ -7487,10 +7449,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7503,12 +7466,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Enterprise + product: Unisphere for VMAX cves: cve-2021-4104: investigated: false @@ -7516,10 +7479,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7532,12 +7496,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Ruckus SmartZone 300 Controller + product: Unisphere for VNX cves: cve-2021-4104: investigated: false @@ -7545,10 +7509,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7561,12 +7526,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Ruckus SmartZone 100 Controller + product: Update Manager Plugin cves: cve-2021-4104: investigated: false @@ -7574,10 +7539,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7590,12 +7556,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Ruckus Virtual Software + product: Vblock cves: cve-2021-4104: investigated: false @@ -7619,12 +7585,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + notes: Patch pending See vce6771 (requires customer login) references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Secure Connect Gateway (SCG) Appliance + product: ViPR Controller cves: cve-2021-4104: investigated: false @@ -7633,10 +7599,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"5.00.00 5.00.05 and 4.0.06 and earlier versions (OVF and VHD)"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7649,12 +7615,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-282 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Secure Connect Gateway (SCG) Policy Manager + product: VMware vRealize Automation 8.x cves: cve-2021-4104: investigated: false @@ -7664,7 +7630,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"5.00.00.10 5.00.05.10"' + - '"8.2 8.3 8.4 8.5 and 8.6"' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7679,12 +7645,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-281 + notes: Patch expected by 12/19/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SRS Policy Manager + product: VMware vRealize Orchestrator 8.x cves: cve-2021-4104: investigated: false @@ -7694,7 +7660,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '7' + - '"8.2 8.3 8.4 8.5 and 8.6"' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7709,12 +7675,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: Patch expected by 12/19/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Storage Center - Dell Storage Manager + product: VNX1 cves: cve-2021-4104: investigated: false @@ -7722,10 +7688,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7738,12 +7705,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: SupportAssist Enterprise + product: VNX2 cves: cve-2021-4104: investigated: false @@ -7751,10 +7718,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7767,12 +7735,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Unisphere Central + product: VNXe 1600 cves: cve-2021-4104: investigated: false @@ -7780,8 +7748,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Versions 3.1.16.10220572 and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7796,12 +7765,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 1/10/2022 + notes: Patch expected by 12/19/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Vblock + product: VNXe 3200 cves: cve-2021-4104: investigated: false @@ -7809,8 +7778,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Version 3.1.15.10216415 and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7825,12 +7795,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending See vce6771 (requires customer login) + notes: Patch expected by 12/19/21 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNXe 1600 + product: VPLEX VS2/VS6 / VPLEX Witness cves: cve-2021-4104: investigated: false @@ -7839,10 +7809,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions 3.1.16.10220572 and earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -7855,12 +7825,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNXe 3200 + product: vRealize Data Protection Extension Data Management cves: cve-2021-4104: investigated: false @@ -7868,9 +7838,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Version 3.1.15.10216415 and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7890,7 +7859,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VxBlock + product: vRealize Data Protection Extension for vRealize Automation (vRA) 8.x cves: cve-2021-4104: investigated: false @@ -7898,8 +7867,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '"version 19.6 version 19.7 version 19.8 and version 19.9"' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7914,7 +7884,7 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '"Patch pending See vce6771 (requires customer login) "' + notes: Patch expected by 12/19/21 references: - '' last_updated: '2021-12-15T00:00:00' @@ -8099,7 +8069,37 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRealize Data Protection Extension Data Management + product: Vsan Ready Nodes + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - N/A + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: VxBlock cves: cve-2021-4104: investigated: false @@ -8123,12 +8123,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '"Patch pending See vce6771 (requires customer login) "' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRealize Data Protection Extension for vRealize Automation (vRA) 8.x + product: Warnado MLK (firmware) cves: cve-2021-4104: investigated: false @@ -8137,10 +8137,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"version 19.6 version 19.7 version 19.8 and version 19.9"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -8153,12 +8153,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VMware vRealize Automation 8.x + product: Wyse Management Suite cves: cve-2021-4104: investigated: false @@ -8168,7 +8168,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"8.2 8.3 8.4 8.5 and 8.6"' + - <3.5 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8183,12 +8183,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: See DSA-2021-267 references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VMware vRealize Orchestrator 8.x + product: Wyse Proprietary OS (ThinOS) cves: cve-2021-4104: investigated: false @@ -8197,10 +8197,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"8.2 8.3 8.4 8.5 and 8.6"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -8213,12 +8213,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Wyse Management Suite + product: Wyse Windows Embedded Suite cves: cve-2021-4104: investigated: false @@ -8227,10 +8227,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <3.5 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - N/A cve-2021-45046: investigated: false affected_versions: [] @@ -8243,7 +8243,7 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-267 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' @@ -8394,7 +8394,7 @@ software: - '' last_updated: '2022-01-12T07:18:52+00:00' - vendor: Digi International - product: CTEK G6200 family + product: AnywhereUSB Manager cves: cve-2021-4104: investigated: false @@ -8423,7 +8423,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: CTEK SkyCloud + product: ARMT cves: cve-2021-4104: investigated: false @@ -8452,7 +8452,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: CTEK Z45 family + product: Aview cves: cve-2021-4104: investigated: false @@ -8481,7 +8481,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi 54xx family + product: AVWOB cves: cve-2021-4104: investigated: false @@ -8510,7 +8510,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi 63xx family + product: CTEK G6200 family cves: cve-2021-4104: investigated: false @@ -8539,7 +8539,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi AnywhereUSB (G2) family + product: CTEK SkyCloud cves: cve-2021-4104: investigated: false @@ -8568,7 +8568,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi AnywhereUSB Plus family + product: CTEK Z45 family cves: cve-2021-4104: investigated: false @@ -8597,7 +8597,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Connect family + product: Digi 54xx family cves: cve-2021-4104: investigated: false @@ -8626,7 +8626,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Connect EZ family + product: Digi 63xx family cves: cve-2021-4104: investigated: false @@ -8655,7 +8655,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Connect IT family + product: Digi AnywhereUSB (G2) family cves: cve-2021-4104: investigated: false @@ -8684,7 +8684,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi ConnectPort family + product: Digi AnywhereUSB Plus family cves: cve-2021-4104: investigated: false @@ -8713,7 +8713,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi ConnectPort LTS family + product: Digi Connect EZ family cves: cve-2021-4104: investigated: false @@ -8742,7 +8742,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Connect Sensor family + product: Digi Connect family cves: cve-2021-4104: investigated: false @@ -8771,7 +8771,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Connect WS family + product: Digi Connect IT family cves: cve-2021-4104: investigated: false @@ -8800,7 +8800,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Embedded Android + product: Digi Connect Sensor family cves: cve-2021-4104: investigated: false @@ -8829,7 +8829,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Embedded Yocto + product: Digi Connect WS family cves: cve-2021-4104: investigated: false @@ -8858,7 +8858,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi EX routers + product: Digi ConnectPort family cves: cve-2021-4104: investigated: false @@ -8887,7 +8887,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi IX routers + product: Digi ConnectPort LTS family cves: cve-2021-4104: investigated: false @@ -8916,7 +8916,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi LR54 + product: Digi Embedded Android cves: cve-2021-4104: investigated: false @@ -8945,7 +8945,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi One family + product: Digi Embedded Yocto cves: cve-2021-4104: investigated: false @@ -8974,7 +8974,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Passport family + product: Digi EX routers cves: cve-2021-4104: investigated: false @@ -9003,7 +9003,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi PortServer TS family + product: Digi IX routers cves: cve-2021-4104: investigated: false @@ -9032,7 +9032,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi TX routers + product: Digi LR54 cves: cve-2021-4104: investigated: false @@ -9061,7 +9061,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR11 + product: Digi Navigator cves: cve-2021-4104: investigated: false @@ -9090,7 +9090,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR21 + product: Digi One family cves: cve-2021-4104: investigated: false @@ -9119,7 +9119,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR31 + product: Digi Passport family cves: cve-2021-4104: investigated: false @@ -9148,7 +9148,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR44R/RR + product: Digi PortServer TS family cves: cve-2021-4104: investigated: false @@ -9177,7 +9177,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR54 + product: Digi Remote Manager cves: cve-2021-4104: investigated: false @@ -9206,7 +9206,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR64 + product: Digi TX routers cves: cve-2021-4104: investigated: false @@ -9235,7 +9235,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: AnywhereUSB Manager + product: Digi WR11 cves: cve-2021-4104: investigated: false @@ -9264,7 +9264,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Aview + product: Digi WR21 cves: cve-2021-4104: investigated: false @@ -9293,7 +9293,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: ARMT + product: Digi WR31 cves: cve-2021-4104: investigated: false @@ -9322,7 +9322,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: AVWOB + product: Digi WR44R/RR cves: cve-2021-4104: investigated: false @@ -9351,7 +9351,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Navigator + product: Digi WR54 cves: cve-2021-4104: investigated: false @@ -9380,7 +9380,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Remote Manager + product: Digi WR64 cves: cve-2021-4104: investigated: false @@ -9758,7 +9758,7 @@ software: - '' last_updated: '2022-01-12T07:18:52+00:00' - vendor: Dynatrace - product: Managed cluster nodes + product: ActiveGate cves: cve-2021-4104: investigated: false @@ -9782,12 +9782,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: Please see Dynatrace Communication for details + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: SAAS + product: Dynatrace Extensions cves: cve-2021-4104: investigated: false @@ -9811,7 +9811,7 @@ software: unaffected_versions: [] vendor_links: - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: '' + notes: Please see Dynatrace Communication for details references: - '' last_updated: '2021-12-21T00:00:00' @@ -9845,7 +9845,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: Synthetic public locations + product: Managed cluster nodes cves: cve-2021-4104: investigated: false @@ -9869,12 +9869,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: '' + notes: Please see Dynatrace Communication for details references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: Synthetic Private ActiveGate + product: OneAgent cves: cve-2021-4104: investigated: false @@ -9898,12 +9898,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: Please see Dynatrace Communication for details + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: ActiveGate + product: SAAS cves: cve-2021-4104: investigated: false @@ -9932,7 +9932,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: OneAgent + product: Synthetic Private ActiveGate cves: cve-2021-4104: investigated: false @@ -9956,12 +9956,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: '' + notes: Please see Dynatrace Communication for details references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: Dynatrace Extensions + product: Synthetic public locations cves: cve-2021-4104: investigated: false @@ -9985,7 +9985,7 @@ software: unaffected_versions: [] vendor_links: - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ - notes: Please see Dynatrace Communication for details + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' diff --git a/data/cisagov_E.yml b/data/cisagov_E.yml index abf2a20..8643da5 100644 --- a/data/cisagov_E.yml +++ b/data/cisagov_E.yml @@ -356,7 +356,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Elastic Cloud Enterprise + product: Elastic Cloud cves: cve-2021-4104: investigated: false @@ -414,7 +414,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Elastic Cloud on Kubernetes + product: Elastic Cloud Enterprise cves: cve-2021-4104: investigated: false @@ -443,7 +443,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Elastic Cloud + product: Elastic Cloud on Kubernetes cves: cve-2021-4104: investigated: false @@ -795,7 +795,7 @@ software: - '' last_updated: '2022-01-12T07:18:52+00:00' - vendor: Ellucian - product: Banner Analytics + product: Admin cves: cve-2021-4104: investigated: false @@ -824,7 +824,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Colleague + product: Banner Analytics cves: cve-2021-4104: investigated: false @@ -848,12 +848,12 @@ software: unaffected_versions: [] vendor_links: - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue - notes: On-prem and cloud deployements expect fixed 12/18/2021 + notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Admin + product: Banner Document Management (includes Banner Document Retention) cves: cve-2021-4104: investigated: false @@ -882,7 +882,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Enterprise Identity Services(BEIS) + product: Banner Event Publisher cves: cve-2021-4104: investigated: false @@ -969,7 +969,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Banner Workflow + product: Banner Self Service cves: cve-2021-4104: investigated: false @@ -998,7 +998,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Banner Document Management (includes Banner Document Retention) + product: Banner Workflow cves: cve-2021-4104: investigated: false @@ -1027,7 +1027,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Advance Web Connector + product: Colleague cves: cve-2021-4104: investigated: false @@ -1051,12 +1051,12 @@ software: unaffected_versions: [] vendor_links: - https://www.ellucian.com/news/ellucian-response-apache-log4j-issue - notes: '' + notes: On-prem and cloud deployements expect fixed 12/18/2021 references: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian eTranscripts + product: Colleague Analytics cves: cve-2021-4104: investigated: false @@ -1085,7 +1085,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Mobile + product: CRM Advance cves: cve-2021-4104: investigated: false @@ -1114,7 +1114,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Solution Manager + product: CRM Advise cves: cve-2021-4104: investigated: false @@ -1143,7 +1143,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Banner Event Publisher + product: CRM Recruit cves: cve-2021-4104: investigated: false @@ -1172,7 +1172,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Banner Self Service + product: Ellucian Advance Web Connector cves: cve-2021-4104: investigated: false @@ -1201,7 +1201,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Colleague Analytics + product: Ellucian Data Access cves: cve-2021-4104: investigated: false @@ -1230,7 +1230,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: CRM Advance + product: Ellucian Design Path cves: cve-2021-4104: investigated: false @@ -1259,7 +1259,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: CRM Advise + product: Ellucian Ellucian Portal cves: cve-2021-4104: investigated: false @@ -1288,7 +1288,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: CRM Recruit + product: Ellucian ePrint cves: cve-2021-4104: investigated: false @@ -1317,7 +1317,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Data Access + product: Ellucian Ethos API & API Management Center cves: cve-2021-4104: investigated: false @@ -1346,7 +1346,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Design Path + product: Ellucian Ethos Extend cves: cve-2021-4104: investigated: false @@ -1375,7 +1375,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian ePrint + product: Ellucian Ethos Integration cves: cve-2021-4104: investigated: false @@ -1404,7 +1404,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Ethos API & API Management Center + product: Ellucian eTranscripts cves: cve-2021-4104: investigated: false @@ -1433,7 +1433,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Ethos Extend + product: Ellucian Experience cves: cve-2021-4104: investigated: false @@ -1462,7 +1462,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Ethos Integration + product: Ellucian Intelligent Platform (ILP) cves: cve-2021-4104: investigated: false @@ -1491,7 +1491,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Experience + product: Ellucian International Student and Scholar Management (ISSM) cves: cve-2021-4104: investigated: false @@ -1520,7 +1520,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Intelligent Platform (ILP) + product: Ellucian Message Service (EMS) cves: cve-2021-4104: investigated: false @@ -1549,7 +1549,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian International Student and Scholar Management (ISSM) + product: Ellucian Messaging Adapter (EMA) cves: cve-2021-4104: investigated: false @@ -1578,7 +1578,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Message Service (EMS) + product: Ellucian Mobile cves: cve-2021-4104: investigated: false @@ -1607,7 +1607,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Messaging Adapter (EMA) + product: Ellucian Payment Gateway cves: cve-2021-4104: investigated: false @@ -1636,7 +1636,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Payment Gateway + product: Ellucian PowerCampus cves: cve-2021-4104: investigated: false @@ -1665,7 +1665,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Ellucian Portal + product: Ellucian Solution Manager cves: cve-2021-4104: investigated: false @@ -1723,7 +1723,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian PowerCampus + product: Enterprise Identity Services(BEIS) cves: cve-2021-4104: investigated: false @@ -1752,7 +1752,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: K-Series Coriolis Transmitters + product: 148 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -1781,7 +1781,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Configuration Software + product: 2051 Pressure Transmitter Family cves: cve-2021-4104: investigated: false @@ -1810,7 +1810,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Mobile Application & ProcessViz Software + product: 2088 Pressure Transmitter Family cves: cve-2021-4104: investigated: false @@ -1839,7 +1839,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 4732 Endeavor + product: 2090F/2090P Pressure Transmitters cves: cve-2021-4104: investigated: false @@ -1868,7 +1868,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Vortex and Magmeter Transmitters + product: 215 Pressure Sensor Module cves: cve-2021-4104: investigated: false @@ -1897,7 +1897,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: USM 3410 and 3810 Series Ultrasonic Transmitters + product: 248 Configuration Application cves: cve-2021-4104: investigated: false @@ -1926,7 +1926,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Mark III Gas and Liquid USM + product: 248 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -1955,7 +1955,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Flarecheck FlowCheck Flowel & PWAM software + product: 3051 & 3051S Pressure transmitter families cves: cve-2021-4104: investigated: false @@ -1984,7 +1984,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: MPFM2600 & MPFM5726 + product: 3144P Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -2013,7 +2013,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: DHNC1 DHNC2 + product: 326P Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -2042,7 +2042,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: WCM SWGM + product: 326T Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -2071,7 +2071,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Fieldwatch and Service consoles + product: 327T Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -2100,7 +2100,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 5726 Transmitter + product: 4088 Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -2129,7 +2129,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Plantweb Advisor for Metrology and Metering Suite SDK + product: 4088 Upgrade Utility cves: cve-2021-4104: investigated: false @@ -2158,7 +2158,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' + product: 4600 Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -2187,7 +2187,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' + product: 4732 Endeavor cves: cve-2021-4104: investigated: false @@ -2216,9 +2216,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless - Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle - Monitor' + product: 4732 Endeavor cves: cve-2021-4104: investigated: false @@ -2247,7 +2245,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: K-Series Coriolis Transmitters + product: 550 PT Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -2276,7 +2274,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Configuration Software + product: 5726 Transmitter cves: cve-2021-4104: investigated: false @@ -2305,7 +2303,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Mobile Application & ProcessViz Software + product: 5726 Transmitter cves: cve-2021-4104: investigated: false @@ -2334,7 +2332,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 4732 Endeavor + product: 644 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -2363,7 +2361,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Vortex and Magmeter Transmitters + product: 648 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -2392,7 +2390,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: USM 3410 and 3810 Series Ultrasonic Transmitters + product: 848T Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -2421,7 +2419,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Mark III Gas and Liquid USM + product: 'Combustion: OCX OXT 6888 CX1100 6888Xi' cves: cve-2021-4104: investigated: false @@ -2450,7 +2448,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Flarecheck FlowCheck Flowel & PWAM software + product: CT2211 QCL Aerosol Microleak Detection System cves: cve-2021-4104: investigated: false @@ -2479,7 +2477,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: MPFM2600 & MPFM5726 + product: CT3000 QCL Automotive OEM Gas Analyzer cves: cve-2021-4104: investigated: false @@ -2508,7 +2506,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: DHNC1 DHNC2 + product: CT4000 QCL Marine OEM Gas Analyzer cves: cve-2021-4104: investigated: false @@ -2537,7 +2535,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: WCM SWGM + product: CT4215 QCL Packaging Leak Detection System cves: cve-2021-4104: investigated: false @@ -2566,7 +2564,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Fieldwatch and Service consoles + product: CT4400 QCL General Purpose Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -2595,7 +2593,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 5726 Transmitter + product: CT4404 QCL pMDI Leak Detection Analyzer cves: cve-2021-4104: investigated: false @@ -2624,7 +2622,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Plantweb Advisor for Metrology and Metering Suite SDK + product: CT5100 QCL Field Housing Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -2653,7 +2651,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' + product: CT5400 QCL General Purpose Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -2682,7 +2680,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' + product: CT5800 QCL Flameproof Housing Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -2711,9 +2709,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless - Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle - Monitor' + product: DHNC1 DHNC2 cves: cve-2021-4104: investigated: false @@ -2742,7 +2738,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Incus Ultrasonic gas leak detector + product: DHNC1 DHNC2 cves: cve-2021-4104: investigated: false @@ -2771,8 +2767,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Flame Detection: 975UF & 975UR Infrared Flame Detectors 975HR Infrared - Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector' + product: Emerson Aperio software cves: cve-2021-4104: investigated: false @@ -2801,7 +2796,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Liquid Transmitters: 5081 1066 1056 1057 56' + product: Engineering Assistant 5.x & 6.x cves: cve-2021-4104: investigated: false @@ -2830,7 +2825,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Combustion: OCX OXT 6888 CX1100 6888Xi' + product: Fieldwatch and Service consoles cves: cve-2021-4104: investigated: false @@ -2859,7 +2854,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Spectrex family Flame Detectors and Rosemount 975 flame detector + product: Fieldwatch and Service consoles cves: cve-2021-4104: investigated: false @@ -2888,7 +2883,8 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT4400 QCL General Purpose Continuous Gas Analyzer + product: 'Flame Detection: 975UF & 975UR Infrared Flame Detectors 975HR Infrared + Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector' cves: cve-2021-4104: investigated: false @@ -2917,7 +2913,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT5400 QCL General Purpose Continuous Gas Analyzer + product: Flarecheck FlowCheck Flowel & PWAM software cves: cve-2021-4104: investigated: false @@ -2946,7 +2942,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT5100 QCL Field Housing Continuous Gas Analyzer + product: Flarecheck FlowCheck Flowel & PWAM software cves: cve-2021-4104: investigated: false @@ -2975,7 +2971,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT5800 QCL Flameproof Housing Continuous Gas Analyzer + product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' cves: cve-2021-4104: investigated: false @@ -3004,7 +3000,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT4215 QCL Packaging Leak Detection System + product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' cves: cve-2021-4104: investigated: false @@ -3033,7 +3029,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT2211 QCL Aerosol Microleak Detection System + product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' cves: cve-2021-4104: investigated: false @@ -3062,7 +3058,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT4404 QCL pMDI Leak Detection Analyzer + product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' cves: cve-2021-4104: investigated: false @@ -3091,7 +3087,9 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT4000 QCL Marine OEM Gas Analyzer + product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless + Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle + Monitor' cves: cve-2021-4104: investigated: false @@ -3120,7 +3118,9 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT3000 QCL Automotive OEM Gas Analyzer + product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless + Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle + Monitor' cves: cve-2021-4104: investigated: false @@ -3149,7 +3149,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 3051 & 3051S Pressure transmitter families + product: Incus Ultrasonic gas leak detector cves: cve-2021-4104: investigated: false @@ -3178,7 +3178,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 2051 Pressure Transmitter Family + product: K-Series Coriolis Transmitters cves: cve-2021-4104: investigated: false @@ -3207,7 +3207,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 4088 Pressure Transmitter + product: K-Series Coriolis Transmitters cves: cve-2021-4104: investigated: false @@ -3236,7 +3236,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 2088 Pressure Transmitter Family + product: 'Liquid Transmitters: 5081 1066 1056 1057 56' cves: cve-2021-4104: investigated: false @@ -3265,7 +3265,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 2090F/2090P Pressure Transmitters + product: Mark III Gas and Liquid USM cves: cve-2021-4104: investigated: false @@ -3294,7 +3294,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 4600 Pressure Transmitter + product: Mark III Gas and Liquid USM cves: cve-2021-4104: investigated: false @@ -3323,7 +3323,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 215 Pressure Sensor Module + product: MPFM2600 & MPFM5726 cves: cve-2021-4104: investigated: false @@ -3352,7 +3352,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 550 PT Pressure Transmitter + product: MPFM2600 & MPFM5726 cves: cve-2021-4104: investigated: false @@ -3381,7 +3381,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 326P Pressure Transmitter + product: Plantweb Advisor for Metrology and Metering Suite SDK cves: cve-2021-4104: investigated: false @@ -3410,7 +3410,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 3144P Temperature Transmitter + product: Plantweb Advisor for Metrology and Metering Suite SDK cves: cve-2021-4104: investigated: false @@ -3439,7 +3439,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 644 Temperature Transmitter + product: Prolink Configuration Software cves: cve-2021-4104: investigated: false @@ -3468,7 +3468,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 848T Temperature Transmitter + product: Prolink Configuration Software cves: cve-2021-4104: investigated: false @@ -3497,7 +3497,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 148 Temperature Transmitter + product: Prolink Mobile Application & ProcessViz Software cves: cve-2021-4104: investigated: false @@ -3526,7 +3526,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 248 Temperature Transmitter + product: Prolink Mobile Application & ProcessViz Software cves: cve-2021-4104: investigated: false @@ -3555,7 +3555,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 326T Temperature Transmitter + product: Rosemount 2230 Graphical Field Display cves: cve-2021-4104: investigated: false @@ -3584,7 +3584,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 327T Temperature Transmitter + product: Rosemount 2240S Multi-input Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -3613,7 +3613,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 648 Temperature Transmitter + product: Rosemount 2410 Tank Hub cves: cve-2021-4104: investigated: false @@ -3642,7 +3642,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 4088 Upgrade Utility + product: Rosemount 2460 System Hub cves: cve-2021-4104: investigated: false @@ -3671,7 +3671,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Engineering Assistant 5.x & 6.x + product: Rosemount 3490 Controller cves: cve-2021-4104: investigated: false @@ -3700,7 +3700,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 248 Configuration Application + product: Rosemount CMS/IOU 61 cves: cve-2021-4104: investigated: false @@ -3729,7 +3729,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount IO-Link Assistant + product: Rosemount CMS/SCU 51/SCC cves: cve-2021-4104: investigated: false @@ -3758,7 +3758,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount TankMaster and TankMaster Mobile + product: Rosemount CMS/WSU 51/SWF 51 cves: cve-2021-4104: investigated: false @@ -3787,7 +3787,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount RadarMaster and RadarMaster Plus + product: Rosemount IO-Link Assistant cves: cve-2021-4104: investigated: false @@ -3816,7 +3816,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Radar Configuration Tool + product: Rosemount Level Detectors (21xx) cves: cve-2021-4104: investigated: false @@ -3845,7 +3845,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 2460 System Hub + product: Rosemount Level Transmitters (14xx 33xx 53xx 54xx 56xx) cves: cve-2021-4104: investigated: false @@ -3874,7 +3874,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 2410 Tank Hub + product: Rosemount Radar Configuration Tool cves: cve-2021-4104: investigated: false @@ -3903,7 +3903,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 3490 Controller + product: Rosemount Radar Level Gauges (Pro 39xx 59xx) cves: cve-2021-4104: investigated: false @@ -3932,7 +3932,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 2230 Graphical Field Display + product: Rosemount RadarMaster and RadarMaster Plus cves: cve-2021-4104: investigated: false @@ -3961,7 +3961,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 2240S Multi-input Temperature Transmitter + product: Rosemount Tank Radar Gauges (TGUxx) cves: cve-2021-4104: investigated: false @@ -3990,7 +3990,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount CMS/SCU 51/SCC + product: Rosemount TankMaster and TankMaster Mobile cves: cve-2021-4104: investigated: false @@ -4019,7 +4019,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount CMS/WSU 51/SWF 51 + product: Spectrex family Flame Detectors and Rosemount 975 flame detector cves: cve-2021-4104: investigated: false @@ -4048,7 +4048,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount CMS/IOU 61 + product: USM 3410 and 3810 Series Ultrasonic Transmitters cves: cve-2021-4104: investigated: false @@ -4077,7 +4077,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Level Transmitters (14xx 33xx 53xx 54xx 56xx) + product: USM 3410 and 3810 Series Ultrasonic Transmitters cves: cve-2021-4104: investigated: false @@ -4106,7 +4106,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Radar Level Gauges (Pro 39xx 59xx) + product: Vortex and Magmeter Transmitters cves: cve-2021-4104: investigated: false @@ -4135,7 +4135,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Tank Radar Gauges (TGUxx) + product: Vortex and Magmeter Transmitters cves: cve-2021-4104: investigated: false @@ -4164,7 +4164,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Level Detectors (21xx) + product: WCM SWGM cves: cve-2021-4104: investigated: false @@ -4193,7 +4193,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Emerson Aperio software + product: WCM SWGM cves: cve-2021-4104: investigated: false diff --git a/data/cisagov_F.yml b/data/cisagov_F.yml index 5abf36e..054ebe8 100644 --- a/data/cisagov_F.yml +++ b/data/cisagov_F.yml @@ -243,7 +243,7 @@ software: - '' last_updated: '2022-01-12T07:18:52+00:00' - vendor: F5 - product: Traffix SDC + product: NGINX App Protect cves: cve-2021-4104: investigated: false @@ -252,11 +252,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 5.x (5.2.0 CF1 - - 5.1.0 CF-30 - 5.1.0 CF-33) + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 3.x cve-2021-45046: investigated: false affected_versions: [] @@ -269,13 +268,12 @@ software: unaffected_versions: [] vendor_links: - https://support.f5.com/csp/article/K19026212 - notes: 'Vulnerable components: EMS-ELK components (Fluentd + Elastic Search + - Kibana), Element Management System' + notes: '' references: - '' last_updated: '2022-01-12T07:18:52+00:00' - vendor: F5 - product: NGINX Plus + product: NGINX Controller cves: cve-2021-4104: investigated: false @@ -287,7 +285,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - R19 - R25 + - 3.x cve-2021-45046: investigated: false affected_versions: [] @@ -305,7 +303,7 @@ software: - '' last_updated: '2022-01-12T07:18:52+00:00' - vendor: F5 - product: NGINX Open Source + product: NGINX Ingress Controller cves: cve-2021-4104: investigated: false @@ -317,7 +315,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.x + - 1.x - 2.x cve-2021-45046: investigated: false affected_versions: [] @@ -335,7 +333,7 @@ software: - '' last_updated: '2022-01-12T07:18:52+00:00' - vendor: F5 - product: NGINX Unit + product: NGINX Instance Manager cves: cve-2021-4104: investigated: false @@ -365,7 +363,7 @@ software: - '' last_updated: '2022-01-12T07:18:52+00:00' - vendor: F5 - product: NGINX App Protect + product: NGINX Open Source cves: cve-2021-4104: investigated: false @@ -377,7 +375,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.x + - 1.x cve-2021-45046: investigated: false affected_versions: [] @@ -395,7 +393,7 @@ software: - '' last_updated: '2022-01-12T07:18:52+00:00' - vendor: F5 - product: NGINX Controller + product: NGINX Plus cves: cve-2021-4104: investigated: false @@ -407,7 +405,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.x + - R19 - R25 cve-2021-45046: investigated: false affected_versions: [] @@ -425,7 +423,7 @@ software: - '' last_updated: '2022-01-12T07:18:52+00:00' - vendor: F5 - product: NGINX Ingress Controller + product: NGINX Service Mesh cves: cve-2021-4104: investigated: false @@ -437,7 +435,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.x - 2.x + - 1.x cve-2021-45046: investigated: false affected_versions: [] @@ -455,7 +453,7 @@ software: - '' last_updated: '2022-01-12T07:18:52+00:00' - vendor: F5 - product: NGINX Instance Manager + product: NGINX Unit cves: cve-2021-4104: investigated: false @@ -485,7 +483,7 @@ software: - '' last_updated: '2022-01-12T07:18:52+00:00' - vendor: F5 - product: NGINX Service Mesh + product: Traffix SDC cves: cve-2021-4104: investigated: false @@ -494,10 +492,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 5.x (5.2.0 CF1 + - 5.1.0 CF-30 - 5.1.0 CF-33) fixed_versions: [] - unaffected_versions: - - 1.x + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -510,7 +509,8 @@ software: unaffected_versions: [] vendor_links: - https://support.f5.com/csp/article/K19026212 - notes: '' + notes: 'Vulnerable components: EMS-ELK components (Fluentd + Elastic Search + + Kibana), Element Management System' references: - '' last_updated: '2022-01-12T07:18:52+00:00' diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index a4fcb96..dce5a0e 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -65,7 +65,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power - product: Baseline Security Center (BSC) + product: Asset Performance Management (APM) cves: cve-2021-4104: investigated: false @@ -89,13 +89,12 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details. + notes: GE verifying workaround. references: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power - product: Baseline Security Center (BSC) 2.0 + product: Baseline Security Center (BSC) cves: cve-2021-4104: investigated: false @@ -120,12 +119,12 @@ software: vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details + necessary. Contact GE for details. references: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power - product: Asset Performance Management (APM) + product: Baseline Security Center (BSC) 2.0 cves: cve-2021-4104: investigated: false @@ -149,7 +148,8 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: GE verifying workaround. + notes: Vulnerability to be fixed by vendor provided workaround. No user actions + necessary. Contact GE for details references: - '' last_updated: '2021-12-22T00:00:00' @@ -536,7 +536,7 @@ software: - '' last_updated: '2022-01-12T07:18:52+00:00' - vendor: GoAnywhere - product: MFT + product: Gateway cves: cve-2021-4104: investigated: false @@ -546,7 +546,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 6.8.6 + - < 2.8.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -566,7 +566,7 @@ software: - '' last_updated: '2021-12-18T00:00:00' - vendor: GoAnywhere - product: Gateway + product: MFT cves: cve-2021-4104: investigated: false @@ -576,7 +576,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 2.8.4 + - < 6.8.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -679,12 +679,13 @@ software: unaffected_versions: [] vendor_links: - https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html - notes: Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. + notes: Chrome Browser releases, infrastructure and admin console are not using + versions of Log4j affected by the vulnerability. references: - '' last_updated: '2022-01-14' - vendor: Google Cloud - product: AI Platform Data Labeling + product: Access Transparency cves: cve-2021-4104: investigated: false @@ -714,7 +715,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: AI Platform Neural Architecture Search (NAS) + product: Actifio cves: cve-2021-4104: investigated: false @@ -738,13 +739,15 @@ software: unaffected_versions: [] vendor_links: - https://cloud.google.com/log4j2-security-advisory - notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + notes: Actifio has identified limited exposure to the Log4j 2 vulnerability and + has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) + for the full statement and to obtain the hotfix (available to Actifio customers + only). references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: AI Platform Training and Prediction + product: AI Platform Data Labeling cves: cve-2021-4104: investigated: false @@ -774,7 +777,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Access Transparency + product: AI Platform Neural Architecture Search (NAS) cves: cve-2021-4104: investigated: false @@ -804,7 +807,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Actifio + product: AI Platform Training and Prediction cves: cve-2021-4104: investigated: false @@ -828,10 +831,8 @@ software: unaffected_versions: [] vendor_links: - https://cloud.google.com/log4j2-security-advisory - notes: Actifio has identified limited exposure to the Log4j 2 vulnerability and - has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) - for the full statement and to obtain the hotfix (available to Actifio customers - only). + notes: Product does not use Log4j 2 and is not impacted by the issues identified + in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-21T00:00:00' @@ -989,7 +990,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Anthos Premium Software + product: Anthos on VMWare cves: cve-2021-4104: investigated: false @@ -1014,12 +1015,16 @@ software: vendor_links: - https://cloud.google.com/log4j2-security-advisory notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check + VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds + to their VMware products as they become available. We also recommend customers + review their respective applications and workloads affected by the same vulnerabilities + and apply appropriate patches. references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Anthos Service Mesh + product: Anthos Premium Software cves: cve-2021-4104: investigated: false @@ -1049,7 +1054,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Anthos on VMWare + product: Anthos Service Mesh cves: cve-2021-4104: investigated: false @@ -1074,11 +1079,7 @@ software: vendor_links: - https://cloud.google.com/log4j2-security-advisory notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check - VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds - to their VMware products as they become available. We also recommend customers - review their respective applications and workloads affected by the same vulnerabilities - and apply appropriate patches. + in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-21T00:00:00' @@ -1793,7 +1794,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud DNS + product: Cloud Data Loss Prevention cves: cve-2021-4104: investigated: false @@ -1821,9 +1822,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Data Loss Prevention + product: Cloud Debugger cves: cve-2021-4104: investigated: false @@ -1853,7 +1854,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Debugger + product: Cloud Deployment Manager cves: cve-2021-4104: investigated: false @@ -1883,7 +1884,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Deployment Manager + product: Cloud DNS cves: cve-2021-4104: investigated: false @@ -1911,7 +1912,7 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-20T00:00:00' - vendor: Google Cloud product: Cloud Endpoints cves: @@ -2036,7 +2037,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Intrusion Detection System (IDS) + product: Cloud Interconnect cves: cve-2021-4104: investigated: false @@ -2066,7 +2067,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Interconnect + product: Cloud Intrusion Detection System (IDS) cves: cve-2021-4104: investigated: false @@ -2186,7 +2187,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Network Address Translation (NAT) + product: Cloud Natural Language API cves: cve-2021-4104: investigated: false @@ -2214,9 +2215,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Natural Language API + product: Cloud Network Address Translation (NAT) cves: cve-2021-4104: investigated: false @@ -2244,7 +2245,7 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-20T00:00:00' - vendor: Google Cloud product: Cloud Profiler cves: @@ -2372,7 +2373,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud SDK + product: Cloud Scheduler cves: cve-2021-4104: investigated: false @@ -2402,7 +2403,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud SQL + product: Cloud SDK cves: cve-2021-4104: investigated: false @@ -2430,9 +2431,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-19T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Scheduler + product: Cloud Shell cves: cve-2021-4104: investigated: false @@ -2457,12 +2458,15 @@ software: vendor_links: - https://cloud.google.com/log4j2-security-advisory notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. + in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate + logging solution that uses Log4j 2. We strongly encourage customers who manage + Cloud Shell environments to identify components dependent on Log4j 2 and update + them to the latest version. references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Shell + product: Cloud Source Repositories cves: cve-2021-4104: investigated: false @@ -2487,15 +2491,12 @@ software: vendor_links: - https://cloud.google.com/log4j2-security-advisory notes: Product does not use Log4j 2 and is not impacted by the issues identified - in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate - logging solution that uses Log4j 2. We strongly encourage customers who manage - Cloud Shell environments to identify components dependent on Log4j 2 and update - them to the latest version. + in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Source Repositories + product: Cloud Spanner cves: cve-2021-4104: investigated: false @@ -2523,9 +2524,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-19T00:00:00' - vendor: Google Cloud - product: Cloud Spanner + product: Cloud SQL cves: cve-2021-4104: investigated: false @@ -2705,7 +2706,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud VPN + product: Cloud Vision cves: cve-2021-4104: investigated: false @@ -2733,9 +2734,9 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Vision + product: Cloud Vision OCR On-Prem cves: cve-2021-4104: investigated: false @@ -2765,7 +2766,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Google Cloud - product: Cloud Vision OCR On-Prem + product: Cloud VPN cves: cve-2021-4104: investigated: false @@ -2793,7 +2794,7 @@ software: in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-20T00:00:00' - vendor: Google Cloud product: CompilerWorks cves: @@ -4866,7 +4867,7 @@ software: - '' last_updated: '2022-01-12T07:18:53+00:00' - vendor: Gravitee - product: API Management + product: Alert Engine cves: cve-2021-4104: investigated: false @@ -4878,7 +4879,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.10.x + - 1.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -4896,7 +4897,7 @@ software: - '' last_updated: '2022-01-12T07:18:53+00:00' - vendor: Gravitee - product: API Management + product: Alert Engine cves: cve-2021-4104: investigated: false @@ -4908,7 +4909,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.5.x + - 1.4.x cve-2021-45046: investigated: false affected_versions: [] @@ -4926,7 +4927,7 @@ software: - '' last_updated: '2022-01-12T07:18:53+00:00' - vendor: Gravitee - product: Alert Engine + product: API Management cves: cve-2021-4104: investigated: false @@ -4938,7 +4939,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.5.x + - 3.10.x cve-2021-45046: investigated: false affected_versions: [] @@ -4956,7 +4957,7 @@ software: - '' last_updated: '2022-01-12T07:18:53+00:00' - vendor: Gravitee - product: Alert Engine + product: API Management cves: cve-2021-4104: investigated: false @@ -4968,7 +4969,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.4.x + - 3.5.x cve-2021-45046: investigated: false affected_versions: [] diff --git a/data/cisagov_H.yml b/data/cisagov_H.yml index 6456aa3..31674d6 100644 --- a/data/cisagov_H.yml +++ b/data/cisagov_H.yml @@ -423,7 +423,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -453,7 +453,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -483,7 +483,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -512,7 +512,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 10.0.7' + - < 10.0.7 unaffected_versions: [] cve-2021-45046: investigated: false @@ -543,7 +543,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -573,7 +573,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -603,7 +603,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -661,9 +661,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.21.7-1.22.9' - - '2.0.3-2.1.5' - - '2.2.0-3.0.2' + - 1.21.7-1.22.9 + - 2.0.3-2.1.5 + - 2.2.0-3.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -751,7 +751,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'Elasticsearch 5.0.0+' + - Elasticsearch 5.0.0+ unaffected_versions: [] cve-2021-45046: investigated: false @@ -770,6 +770,40 @@ software: references: - '' last_updated: '2022-01-05T00:00:00' + - vendor: Hitachi Energy + product: 3rd party - Oracle Database Components + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '12.1' + - '12.2' + - 19c + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch + notes: As this is a third-party component, a separate patch management report + will be provided to customers with the steps to apply the Oracle provided patches + for these components. + references: + - '' + last_updated: '2022-01-05T00:00:00' - vendor: Hitachi Energy product: Axis cves: @@ -813,7 +847,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'v6' + - v6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -904,10 +938,10 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'R15A' - - 'R14B' - - 'R14A' - - 'R11B SP1' + - R15A + - R14B + - R14A + - R11B SP1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -940,7 +974,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'R11A and R10 series' + - R11A and R10 series unaffected_versions: [] cve-2021-45046: investigated: false @@ -960,7 +994,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Hitachi Energy - product: Lumada APM SaaS offering + product: Lumada APM On-premises cves: cve-2021-4104: investigated: false @@ -984,13 +1018,12 @@ software: unaffected_versions: [] vendor_links: - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: No action is required by customers. The SaaS offering has been patched - per the recommendations. + notes: See vendor advisory for instructions for various versions. references: - '' last_updated: '2022-01-05T00:00:00' - vendor: Hitachi Energy - product: Lumada APM On-premises + product: Lumada APM SaaS offering cves: cve-2021-4104: investigated: false @@ -1014,7 +1047,8 @@ software: unaffected_versions: [] vendor_links: - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: See vendor advisory for instructions for various versions. + notes: No action is required by customers. The SaaS offering has been patched + per the recommendations. references: - '' last_updated: '2022-01-05T00:00:00' @@ -1030,9 +1064,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'v1.7.x' - - 'v1.8.x' - - 'v1.9.x' + - v1.7.x + - v1.8.x + - v1.9.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -1079,38 +1113,6 @@ software: references: - '' last_updated: '2022-01-05T00:00:00' - - vendor: Hitachi Energy - product: Network Manager Outage Management Interface (CMI) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '9.0-9.10.44' - - '9.1.1' - - '10.3.4' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: See vendor advisory for instructions on mitigation steps. - references: - - '' - last_updated: '2022-01-05T00:00:00' - vendor: Hitachi Energy product: Network Manager ADMS Network Model Server cves: @@ -1123,7 +1125,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '9.1.0.32-9.1.0.44' + - 9.1.0.32-9.1.0.44 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1142,7 +1144,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Hitachi Energy - product: 3rd party - Oracle Database Components + product: Network Manager Outage Management Interface (CMI) cves: cve-2021-4104: investigated: false @@ -1153,9 +1155,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - '12.1' - - '12.2' - - '19c' + - 9.0-9.10.44 + - 9.1.1 + - 10.3.4 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1169,9 +1171,7 @@ software: unaffected_versions: [] vendor_links: - https://search.abb.com/library/Download.aspx?DocumentID=8DBD003132&LanguageCode=en&DocumentPartId=&Action=Launch - notes: As this is a third-party component, a separate patch management report - will be provided to customers with the steps to apply the Oracle provided patches - for these components. + notes: See vendor advisory for instructions on mitigation steps. references: - '' last_updated: '2022-01-05T00:00:00' @@ -1187,8 +1187,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - '3.7.15' - - '3.7.16' + - 3.7.15 + - 3.7.16 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1218,7 +1218,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '2.0.0' + - 2.0.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1249,10 +1249,10 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'R15A' - - 'R14B' - - 'R14A' - - 'R11B SP1' + - R15A + - R14B + - R14A + - R11B SP1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1285,7 +1285,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'R11A and R10 series' + - R11A and R10 series unaffected_versions: [] cve-2021-45046: investigated: false @@ -1334,7 +1334,7 @@ software: - '' last_updated: '2022-01-12T07:18:53+00:00' - vendor: HMS Industrial Networks AB - product: Talk2M including M2Web + product: Cosy, Flexy and Ewon CD cves: cve-2021-4104: investigated: false @@ -1363,7 +1363,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: HMS Industrial Networks AB - product: Cosy, Flexy and Ewon CD + product: eCatcher Mobile applications cves: cve-2021-4104: investigated: false @@ -1421,7 +1421,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: HMS Industrial Networks AB - product: eCatcher Mobile applications + product: Netbiter Hardware including EC, WS, and LC cves: cve-2021-4104: investigated: false @@ -1450,7 +1450,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: HMS Industrial Networks AB - product: Netbiter Hardware including EC, WS, and LC + product: Talk2M including M2Web cves: cve-2021-4104: investigated: false @@ -1478,8 +1478,8 @@ software: references: - '' last_updated: '2022-01-05T00:00:00' - - vendor: Honeywell - product: '' + - vendor: HOLOGIC + product: Advanced Workflow Manager (AWM) cves: cve-2021-4104: investigated: false @@ -1502,13 +1502,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability - notes: '' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: While the Hologic software itself does not utilize Java/Log4J, the installed + APC PowerChute UPS with Business Edition v9.5 software installed may. APC is + still assessing its PowerChute software to determine if it is vulnerable. references: - '' - last_updated: '2022-01-12T07:18:53+00:00' - - vendor: HP - product: Teradici Cloud Access Controller + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Affirm Prone Biopsy System cves: cve-2021-4104: investigated: false @@ -1516,10 +1518,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '< v113' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1532,13 +1533,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici EMSDK + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Brevera Breast Biopsy System cves: cve-2021-4104: investigated: false @@ -1546,10 +1547,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '< 1.0.6' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1562,13 +1562,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici Management Console + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Cenova Image Analytics Server cves: cve-2021-4104: investigated: false @@ -1576,10 +1576,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '< 21.10.3' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1592,13 +1591,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici PCoIP Connection Manager + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Dimensions / 3Dimensions Mammography System cves: cve-2021-4104: investigated: false @@ -1606,11 +1605,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '< 21.03.6' - - '< 20.07.4' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1623,13 +1620,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HP - product: Teradici PCoIP License Server + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Discovery Bone Densitometer cves: cve-2021-4104: investigated: false @@ -1652,13 +1649,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: HPE - product: 3PAR StoreServ Arrays + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Faxitron CT Specimen Radiography System cves: cve-2021-4104: investigated: false @@ -1681,13 +1678,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: While the Hologic software itself does not utilize Java/Log4J, there is + a utility program installed that may utilize Java and Log4J. This utility program + does not run on startup and is not required for system operation. Please contact + Hologic Service for assistance in removing this program. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: AirWave Management Platform + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Faxitron Specimen Radiography Systems cves: cve-2021-4104: investigated: false @@ -1710,13 +1710,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Alletra 6000 + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Fluoroscan Insight Mini C-Arm cves: cve-2021-4104: investigated: false @@ -1739,13 +1739,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Alletra 9k + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Horizon DXA Bone Densitometer cves: cve-2021-4104: investigated: false @@ -1768,13 +1768,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba Central + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Rosetta DC Tomosynthesis Data Converter cves: cve-2021-4104: investigated: false @@ -1797,13 +1797,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba ClearPass Policy Manager + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: SecurView DX Workstation cves: cve-2021-4104: investigated: false @@ -1826,13 +1826,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba ClearPass Policy Manager + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: SecurXChange Router cves: cve-2021-4104: investigated: false @@ -1855,13 +1855,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba Instant (IAP) + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: SuperSonic Imagine Ultrasound Products (Aixplorer & Aixplorer Mach) cves: cve-2021-4104: investigated: false @@ -1884,13 +1884,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba Location Services + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Trident HD Specimen Radiography System cves: cve-2021-4104: investigated: false @@ -1913,13 +1913,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba NetEdit + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Unifi Workspace cves: cve-2021-4104: investigated: false @@ -1942,13 +1942,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: While the Hologic software itself does not utilize Java/Log4J, the installed + APC PowerChute UPS with Business Edition v9.5 software installed may. APC is + still assessing its PowerChute software to determine if it is vulnerable. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba PVOS Switches + last_updated: '2021-12-20T00:00:00' + - vendor: HOLOGIC + product: Windows Selenia Mammography System cves: cve-2021-4104: investigated: false @@ -1971,13 +1973,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba SDN VAN Controller + last_updated: '2021-12-20T00:00:00' + - vendor: Honeywell + product: '' cves: cve-2021-4104: investigated: false @@ -2000,13 +2002,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://www.honeywell.com/us/en/press/2021/12/honeywells-statement-on-java-apache-log4j-logging-framework-vulnerability + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba User Experience Insight (UXI) + last_updated: '2022-01-12T07:18:53+00:00' + - vendor: HP + product: Teradici Cloud Access Controller cves: cve-2021-4104: investigated: false @@ -2014,9 +2016,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < v113 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2029,13 +2032,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: Aruba VIA Client + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici EMSDK cves: cve-2021-4104: investigated: false @@ -2043,9 +2046,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 1.0.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2058,13 +2062,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: ArubaOS-CX switches + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici Management Console cves: cve-2021-4104: investigated: false @@ -2072,9 +2076,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 21.10.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2087,13 +2092,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: ArubaOS-S switches + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici PCoIP Connection Manager cves: cve-2021-4104: investigated: false @@ -2101,9 +2106,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - < 21.03.6 + - < 20.07.4 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2116,13 +2123,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: HPE - product: ArubaOS SD-WAN Controllers and Gateways + last_updated: '2021-12-17T00:00:00' + - vendor: HP + product: Teradici PCoIP License Server cves: cve-2021-4104: investigated: false @@ -2145,13 +2152,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us - notes: 'Support Communication Cross Reference ID: SIK7387' + - https://support.hp.com/us-en/document/ish_5268006-5268030-16 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-17T00:00:00' - vendor: HPE - product: ArubaOS Wi-Fi Controllers and Gateways + product: 3PAR StoreServ Arrays cves: cve-2021-4104: investigated: false @@ -2180,7 +2187,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: BladeSystem Onboard Administrator + product: AirWave Management Platform cves: cve-2021-4104: investigated: false @@ -2209,7 +2216,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Brocade 16Gb Fibre Channel SAN Switch for HPE Synergy + product: Alletra 6000 cves: cve-2021-4104: investigated: false @@ -2238,7 +2245,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Brocade 16Gb SAN Switch for HPE BladeSystem c-Class + product: Alletra 9k cves: cve-2021-4104: investigated: false @@ -2267,7 +2274,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Brocade 32Gb Fibre Channel SAN Switch for HPE Synergy + product: Aruba Central cves: cve-2021-4104: investigated: false @@ -2296,7 +2303,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Brocade Network Advisor + product: Aruba ClearPass Policy Manager cves: cve-2021-4104: investigated: false @@ -2325,7 +2332,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: CloudAuth + product: Aruba ClearPass Policy Manager cves: cve-2021-4104: investigated: false @@ -2354,7 +2361,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: CloudPhysics + product: Aruba Instant (IAP) cves: cve-2021-4104: investigated: false @@ -2383,7 +2390,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Compute Cloud Console + product: Aruba Location Services cves: cve-2021-4104: investigated: false @@ -2412,7 +2419,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Compute operations manager- FW UPDATE SERVICE + product: Aruba NetEdit cves: cve-2021-4104: investigated: false @@ -2441,7 +2448,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: COS (Cray Operating System) + product: Aruba PVOS Switches cves: cve-2021-4104: investigated: false @@ -2470,7 +2477,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Cray Systems Management (CSM) + product: Aruba SDN VAN Controller cves: cve-2021-4104: investigated: false @@ -2499,7 +2506,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Custom SPP Portal [Link](https://spp.hpe.com/custom) + product: Aruba User Experience Insight (UXI) cves: cve-2021-4104: investigated: false @@ -2528,7 +2535,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Data Services Cloud Console + product: Aruba VIA Client cves: cve-2021-4104: investigated: false @@ -2557,7 +2564,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Harmony Data Platform + product: ArubaOS SD-WAN Controllers and Gateways cves: cve-2021-4104: investigated: false @@ -2586,7 +2593,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HOP public services (grafana, vault, rancher, Jenkins) + product: ArubaOS Wi-Fi Controllers and Gateways cves: cve-2021-4104: investigated: false @@ -2615,7 +2622,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN2600B SAN Extension Switch + product: ArubaOS-CX switches cves: cve-2021-4104: investigated: false @@ -2644,7 +2651,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN4000B SAN Extension Switch + product: ArubaOS-S switches cves: cve-2021-4104: investigated: false @@ -2673,7 +2680,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN6000B Fibre Channel Switch + product: BladeSystem Onboard Administrator cves: cve-2021-4104: investigated: false @@ -2702,7 +2709,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN6500B Fibre Channel Switch + product: Brocade 16Gb Fibre Channel SAN Switch for HPE Synergy cves: cve-2021-4104: investigated: false @@ -2731,7 +2738,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN6600B Fibre Channel Switch + product: Brocade 16Gb SAN Switch for HPE BladeSystem c-Class cves: cve-2021-4104: investigated: false @@ -2760,7 +2767,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN6650B Fibre Channel Switch + product: Brocade 32Gb Fibre Channel SAN Switch for HPE Synergy cves: cve-2021-4104: investigated: false @@ -2789,7 +2796,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE B-series SN6700B Fibre Channel Switch + product: Brocade Network Advisor cves: cve-2021-4104: investigated: false @@ -2818,7 +2825,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Customer Experience Assurance (CEA) + product: CloudAuth cves: cve-2021-4104: investigated: false @@ -2845,9 +2852,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Hardware Support Manager plug-in for VMware vSphere Lifecycle Manager + product: CloudPhysics cves: cve-2021-4104: investigated: false @@ -2876,7 +2883,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Home Location Register (HLR/I-HLR) + product: Compute Cloud Console cves: cve-2021-4104: investigated: false @@ -2903,9 +2910,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Infosight for Servers + product: Compute operations manager- FW UPDATE SERVICE cves: cve-2021-4104: investigated: false @@ -2934,7 +2941,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Integrated Home Subscriber Server (I-HSS) + product: COS (Cray Operating System) cves: cve-2021-4104: investigated: false @@ -2961,9 +2968,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Intelligent Messaging (IM) + product: Cray Systems Management (CSM) cves: cve-2021-4104: investigated: false @@ -2990,9 +2997,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Intelligent Network Server (INS) + product: Custom SPP Portal [Link](https://spp.hpe.com/custom) cves: cve-2021-4104: investigated: false @@ -3019,9 +3026,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Multimedia Services Environment (MSE) + product: Data Services Cloud Console cves: cve-2021-4104: investigated: false @@ -3048,9 +3055,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OC Convergent Communications Platform (OCCP) + product: Harmony Data Platform cves: cve-2021-4104: investigated: false @@ -3077,9 +3084,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OC Media Platform Media Resource Function (OCMP-MRF) + product: HOP public services (grafana, vault, rancher, Jenkins) cves: cve-2021-4104: investigated: false @@ -3106,9 +3113,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OC Service Access Controller (OC SAC) + product: HPE B-series SN2600B SAN Extension Switch cves: cve-2021-4104: investigated: false @@ -3135,9 +3142,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OC Service Controller (OCSC) + product: HPE B-series SN4000B SAN Extension Switch cves: cve-2021-4104: investigated: false @@ -3164,9 +3171,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OC Universal Signaling Platform (OC-USP-M) + product: HPE B-series SN6000B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -3193,9 +3200,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OneView + product: HPE B-series SN6500B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -3224,7 +3231,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OneView for VMware vRealize Operations (vROps) + product: HPE B-series SN6600B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -3253,7 +3260,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE OneView Global Dashboard + product: HPE B-series SN6650B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -3282,7 +3289,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Performance Cluster Manager (HPCM) + product: HPE B-series SN6700B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -3309,9 +3316,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Performance Manager (PM) + product: HPE Customer Experience Assurance (CEA) cves: cve-2021-4104: investigated: false @@ -3340,7 +3347,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Position Determination Entity (PDE) + product: HPE Hardware Support Manager plug-in for VMware vSphere Lifecycle Manager cves: cve-2021-4104: investigated: false @@ -3367,9 +3374,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Secure Identity Broker (SIB) + product: HPE Home Location Register (HLR/I-HLR) cves: cve-2021-4104: investigated: false @@ -3398,7 +3405,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Service Activator (SA) + product: HPE Infosight for Servers cves: cve-2021-4104: investigated: false @@ -3425,9 +3432,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Service Governance Framework (SGF) + product: HPE Integrated Home Subscriber Server (I-HSS) cves: cve-2021-4104: investigated: false @@ -3456,7 +3463,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Service Orchestration Manager (SOM) + product: HPE Intelligent Messaging (IM) cves: cve-2021-4104: investigated: false @@ -3485,7 +3492,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Service Provisioner (SP) + product: HPE Intelligent Network Server (INS) cves: cve-2021-4104: investigated: false @@ -3514,7 +3521,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Short Message Point-to-Point Gateway (SMPP) + product: HPE Multimedia Services Environment (MSE) cves: cve-2021-4104: investigated: false @@ -3543,7 +3550,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Slingshot + product: HPE OC Convergent Communications Platform (OCCP) cves: cve-2021-4104: investigated: false @@ -3570,9 +3577,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Smart Interaction Server (SIS) + product: HPE OC Media Platform Media Resource Function (OCMP-MRF) cves: cve-2021-4104: investigated: false @@ -3601,7 +3608,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE SN3000B Fibre Channel Switch + product: HPE OC Service Access Controller (OC SAC) cves: cve-2021-4104: investigated: false @@ -3628,9 +3635,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE SN8000B 4-Slot SAN Director Switch + product: HPE OC Service Controller (OCSC) cves: cve-2021-4104: investigated: false @@ -3657,9 +3664,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE SN8000B 8-Slot SAN Backbone Director Switch + product: HPE OC Universal Signaling Platform (OC-USP-M) cves: cve-2021-4104: investigated: false @@ -3686,9 +3693,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE SN8600B 4-Slot SAN Director Switch + product: HPE OneView cves: cve-2021-4104: investigated: false @@ -3717,7 +3724,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE SN8600B 8-Slot SAN Director Switch + product: HPE OneView for VMware vRealize Operations (vROps) cves: cve-2021-4104: investigated: false @@ -3746,7 +3753,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE SN8700B 4-Slot Director Switch + product: HPE OneView Global Dashboard cves: cve-2021-4104: investigated: false @@ -3775,7 +3782,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE SN8700B 8-Slot Director Switch + product: HPE Performance Cluster Manager (HPCM) cves: cve-2021-4104: investigated: false @@ -3802,9 +3809,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Subscriber, Network, and Application Policy (SNAP) + product: HPE Performance Manager (PM) cves: cve-2021-4104: investigated: false @@ -3833,7 +3840,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Subscription Manager (SM) + product: HPE Position Determination Entity (PDE) cves: cve-2021-4104: investigated: false @@ -3862,7 +3869,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Synergy Image Streamer + product: HPE Secure Identity Broker (SIB) cves: cve-2021-4104: investigated: false @@ -3889,9 +3896,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Systems Insight Manager (SIM) + product: HPE Service Activator (SA) cves: cve-2021-4104: investigated: false @@ -3918,9 +3925,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Telecom Application Server (TAS) + product: HPE Service Governance Framework (SGF) cves: cve-2021-4104: investigated: false @@ -3949,7 +3956,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Unified Correlation and Automation (UCA) + product: HPE Service Orchestration Manager (SOM) cves: cve-2021-4104: investigated: false @@ -3978,7 +3985,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Unified Mediation Bus (UMB) + product: HPE Service Provisioner (SP) cves: cve-2021-4104: investigated: false @@ -4007,7 +4014,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Unified OSS Console (UOC) + product: HPE Short Message Point-to-Point Gateway (SMPP) cves: cve-2021-4104: investigated: false @@ -4036,7 +4043,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Unified Topology Manager (UTM) + product: HPE Slingshot cves: cve-2021-4104: investigated: false @@ -4063,9 +4070,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Universal Identity Repository (VIR) + product: HPE Smart Interaction Server (SIS) cves: cve-2021-4104: investigated: false @@ -4094,7 +4101,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: HPE Universal SLA Manager (uSLAM) + product: HPE SN3000B Fibre Channel Switch cves: cve-2021-4104: investigated: false @@ -4121,9 +4128,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Virtual Connect + product: HPE SN8000B 4-Slot SAN Director Switch cves: cve-2021-4104: investigated: false @@ -4152,7 +4159,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Virtual Connect Enterprise Manager (VCEM) + product: HPE SN8000B 8-Slot SAN Backbone Director Switch cves: cve-2021-4104: investigated: false @@ -4181,7 +4188,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Virtual Provisioning Gateway (vPGW) + product: HPE SN8600B 4-Slot SAN Director Switch cves: cve-2021-4104: investigated: false @@ -4208,9 +4215,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Virtual Server Environment (VSE) + product: HPE SN8600B 8-Slot SAN Director Switch cves: cve-2021-4104: investigated: false @@ -4239,7 +4246,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Virtual Subscriber Data Management (vSDM) + product: HPE SN8700B 4-Slot Director Switch cves: cve-2021-4104: investigated: false @@ -4266,9 +4273,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE WebRTC Gateway Controller (WGW) + product: HPE SN8700B 8-Slot Director Switch cves: cve-2021-4104: investigated: false @@ -4295,9 +4302,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: HPE Wi-Fi Authentication Gateway (WauG) + product: HPE Subscriber, Network, and Application Policy (SNAP) cves: cve-2021-4104: investigated: false @@ -4324,9 +4331,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Insight Cluster Management Utility (CMU) + product: HPE Subscription Manager (SM) cves: cve-2021-4104: investigated: false @@ -4353,9 +4360,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Integrated Lights-Out (iLO) Amplifier Pack + product: HPE Synergy Image Streamer cves: cve-2021-4104: investigated: false @@ -4384,7 +4391,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Integrated Lights-Out 4 (iLO 4) + product: HPE Systems Insight Manager (SIM) cves: cve-2021-4104: investigated: false @@ -4392,11 +4399,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '4' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4414,7 +4420,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Integrated Lights-Out 5 (iLO 5) + product: HPE Telecom Application Server (TAS) cves: cve-2021-4104: investigated: false @@ -4422,11 +4428,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '5' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4442,9 +4447,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Integrity BL860c, BL870c, BL890c + product: HPE Unified Correlation and Automation (UCA) cves: cve-2021-4104: investigated: false @@ -4471,9 +4476,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Integrity Rx2800/Rx2900 + product: HPE Unified Mediation Bus (UMB) cves: cve-2021-4104: investigated: false @@ -4500,9 +4505,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Integrity Superdome 2 + product: HPE Unified OSS Console (UOC) cves: cve-2021-4104: investigated: false @@ -4529,9 +4534,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Integrity Superdome X + product: HPE Unified Topology Manager (UTM) cves: cve-2021-4104: investigated: false @@ -4558,9 +4563,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Intelligent Provisioning + product: HPE Universal Identity Repository (VIR) cves: cve-2021-4104: investigated: false @@ -4587,9 +4592,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: iSUT integrated smart update tool + product: HPE Universal SLA Manager (uSLAM) cves: cve-2021-4104: investigated: false @@ -4616,9 +4621,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Maven Artifacts (Atlas) + product: HPE Virtual Connect cves: cve-2021-4104: investigated: false @@ -4647,7 +4652,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: MSA + product: HPE Virtual Connect Enterprise Manager (VCEM) cves: cve-2021-4104: investigated: false @@ -4676,7 +4681,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: NetEdit + product: HPE Virtual Provisioning Gateway (vPGW) cves: cve-2021-4104: investigated: false @@ -4703,9 +4708,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: Nimble Storage + product: HPE Virtual Server Environment (VSE) cves: cve-2021-4104: investigated: false @@ -4734,7 +4739,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: NS-T0634-OSM CONSOLE TOOLS + product: HPE Virtual Subscriber Data Management (vSDM) cves: cve-2021-4104: investigated: false @@ -4761,9 +4766,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: NS-T0977-SCHEMA VALIDATOR + product: HPE WebRTC Gateway Controller (WGW) cves: cve-2021-4104: investigated: false @@ -4790,9 +4795,9 @@ software: notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-12T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: HPE - product: OfficeConnect + product: HPE Wi-Fi Authentication Gateway (WauG) cves: cve-2021-4104: investigated: false @@ -4821,7 +4826,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Primera Storage + product: Insight Cluster Management Utility (CMU) cves: cve-2021-4104: investigated: false @@ -4850,7 +4855,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: RepoServer part of OPA (on Premises aggregator) + product: Integrated Lights-Out (iLO) Amplifier Pack cves: cve-2021-4104: investigated: false @@ -4879,7 +4884,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Resource Aggregator for Open Distributed Infrastructure Management + product: Integrated Lights-Out 4 (iLO 4) cves: cve-2021-4104: investigated: false @@ -4887,10 +4892,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '4' cve-2021-45046: investigated: false affected_versions: [] @@ -4908,7 +4914,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: RESTful Interface Tool (iLOREST) + product: Integrated Lights-Out 5 (iLO 5) cves: cve-2021-4104: investigated: false @@ -4916,10 +4922,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '5' cve-2021-45046: investigated: false affected_versions: [] @@ -4937,7 +4944,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SAT (System Admin Toolkit) + product: Integrity BL860c, BL870c, BL890c cves: cve-2021-4104: investigated: false @@ -4966,7 +4973,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Scripting Tools for Windows PowerShell (HPEiLOCmdlets) + product: Integrity Rx2800/Rx2900 cves: cve-2021-4104: investigated: false @@ -4995,7 +5002,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SGI MC990 X Server + product: Integrity Superdome 2 cves: cve-2021-4104: investigated: false @@ -5024,7 +5031,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SGI UV 2000 Server + product: Integrity Superdome X cves: cve-2021-4104: investigated: false @@ -5053,7 +5060,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SGI UV 300, 300H, 300RL, 30EX + product: Intelligent Provisioning cves: cve-2021-4104: investigated: false @@ -5082,7 +5089,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SGI UV 3000 Server + product: iSUT integrated smart update tool cves: cve-2021-4104: investigated: false @@ -5111,7 +5118,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SN8700B 8-Slot Director Switch + product: Maven Artifacts (Atlas) cves: cve-2021-4104: investigated: false @@ -5140,7 +5147,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: StoreEasy + product: MSA cves: cve-2021-4104: investigated: false @@ -5169,7 +5176,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: StoreEver CVTL + product: NetEdit cves: cve-2021-4104: investigated: false @@ -5198,7 +5205,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: StoreEver LTO Tape Drives + product: Nimble Storage cves: cve-2021-4104: investigated: false @@ -5227,7 +5234,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: StoreEver MSL Tape Libraries + product: NS-T0634-OSM CONSOLE TOOLS cves: cve-2021-4104: investigated: false @@ -5256,7 +5263,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: StoreOnce + product: NS-T0977-SCHEMA VALIDATOR cves: cve-2021-4104: investigated: false @@ -5285,7 +5292,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: SUM (Smart Update Manager) + product: OfficeConnect cves: cve-2021-4104: investigated: false @@ -5314,7 +5321,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Superdome Flex 280 + product: Primera Storage cves: cve-2021-4104: investigated: false @@ -5343,7 +5350,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: Superdome Flex Server + product: RepoServer part of OPA (on Premises aggregator) cves: cve-2021-4104: investigated: false @@ -5372,7 +5379,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: HPE - product: UAN (User Access Node) + product: Resource Aggregator for Open Distributed Infrastructure Management cves: cve-2021-4104: investigated: false @@ -5400,8 +5407,8 @@ software: references: - '' last_updated: '2021-12-12T00:00:00' - - vendor: HPE/Micro Focus - product: Data Protector + - vendor: HPE + product: RESTful Interface Tool (iLOREST) cves: cve-2021-4104: investigated: false @@ -5409,10 +5416,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '9.09' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -5425,13 +5431,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.microfocus.com/s/article/KM000003243 - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' - last_updated: '2021-12-17T00:00:00' - - vendor: HOLOGIC - product: Advanced Workflow Manager (AWM) + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SAT (System Admin Toolkit) cves: cve-2021-4104: investigated: false @@ -5454,15 +5460,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: While the Hologic software itself does not utilize Java/Log4J, the installed - APC PowerChute UPS with Business Edition v9.5 software installed may. APC is - still assessing its PowerChute software to determine if it is vulnerable. + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Unifi Workspace + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Scripting Tools for Windows PowerShell (HPEiLOCmdlets) cves: cve-2021-4104: investigated: false @@ -5485,15 +5489,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: While the Hologic software itself does not utilize Java/Log4J, the installed - APC PowerChute UPS with Business Edition v9.5 software installed may. APC is - still assessing its PowerChute software to determine if it is vulnerable. + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Faxitron CT Specimen Radiography System + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI MC990 X Server cves: cve-2021-4104: investigated: false @@ -5516,16 +5518,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: While the Hologic software itself does not utilize Java/Log4J, there is - a utility program installed that may utilize Java and Log4J. This utility program - does not run on startup and is not required for system operation. Please contact - Hologic Service for assistance in removing this program. + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Dimensions / 3Dimensions Mammography System + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI UV 2000 Server cves: cve-2021-4104: investigated: false @@ -5548,13 +5547,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Affirm Prone Biopsy System + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI UV 300, 300H, 300RL, 30EX cves: cve-2021-4104: investigated: false @@ -5577,13 +5576,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Brevera Breast Biopsy System + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SGI UV 3000 Server cves: cve-2021-4104: investigated: false @@ -5606,13 +5605,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Trident HD Specimen Radiography System + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SN8700B 8-Slot Director Switch cves: cve-2021-4104: investigated: false @@ -5635,13 +5634,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: SecurView DX Workstation + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEasy cves: cve-2021-4104: investigated: false @@ -5664,13 +5663,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Cenova Image Analytics Server + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEver CVTL cves: cve-2021-4104: investigated: false @@ -5693,13 +5692,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: SecurXChange Router + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEver LTO Tape Drives cves: cve-2021-4104: investigated: false @@ -5722,13 +5721,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Rosetta DC Tomosynthesis Data Converter + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreEver MSL Tape Libraries cves: cve-2021-4104: investigated: false @@ -5751,13 +5750,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Faxitron Specimen Radiography Systems + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: StoreOnce cves: cve-2021-4104: investigated: false @@ -5780,13 +5779,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Horizon DXA Bone Densitometer + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: SUM (Smart Update Manager) cves: cve-2021-4104: investigated: false @@ -5809,13 +5808,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Discovery Bone Densitometer + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Superdome Flex 280 cves: cve-2021-4104: investigated: false @@ -5838,13 +5837,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Fluoroscan Insight Mini C-Arm + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: Superdome Flex Server cves: cve-2021-4104: investigated: false @@ -5867,13 +5866,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: SuperSonic Imagine Ultrasound Products (Aixplorer & Aixplorer Mach) + last_updated: '2021-12-12T00:00:00' + - vendor: HPE + product: UAN (User Access Node) cves: cve-2021-4104: investigated: false @@ -5896,13 +5895,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity - notes: '' + - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us + notes: 'Support Communication Cross Reference ID: SIK7387' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: HOLOGIC - product: Windows Selenia Mammography System + last_updated: '2021-12-12T00:00:00' + - vendor: HPE/Micro Focus + product: Data Protector cves: cve-2021-4104: investigated: false @@ -5910,9 +5909,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '9.09' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5925,11 +5925,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.hologic.com/support/usa/breast-skeletal-products-cybersecurity + - https://portal.microfocus.com/s/article/KM000003243 notes: '' references: - - '' - last_updated: '2021-12-20T00:00:00' + - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' + last_updated: '2021-12-17T00:00:00' - vendor: Huawei product: '' cves: diff --git a/data/cisagov_I.yml b/data/cisagov_I.yml index 8c9c197..f07aca1 100644 --- a/data/cisagov_I.yml +++ b/data/cisagov_I.yml @@ -121,7 +121,7 @@ software: - '' last_updated: '2022-01-12T07:18:53+00:00' - vendor: IBM - product: BigFix Compliance + product: Analytics Engine cves: cve-2021-4104: investigated: false @@ -143,13 +143,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: BigFix Inventory + product: App Configuration cves: cve-2021-4104: investigated: false @@ -157,9 +158,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - VM Manager Tool & SAP Tool + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -172,15 +172,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: To verify if your instance is affected, go to the lib subdirectory of the - tool (BESClient/LMT/SAPTOOL and BESClient/LMT/VMMAN) and check what version - of log4j is included. Version is included in the name of the library. + vendor_links: + - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Analytics Engine + product: App Connect cves: cve-2021-4104: investigated: false @@ -209,7 +208,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: App Configuration + product: App ID cves: cve-2021-4104: investigated: false @@ -238,7 +237,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: App Connect + product: Application Gateway cves: cve-2021-4104: investigated: false @@ -267,7 +266,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: App ID + product: Aspera cves: cve-2021-4104: investigated: false @@ -296,7 +295,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Application Gateway + product: Aspera Endpoint cves: cve-2021-4104: investigated: false @@ -325,7 +324,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Aspera Endpoint + product: Aspera Enterprise cves: cve-2021-4104: investigated: false @@ -354,7 +353,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Aspera Enterprise + product: Aspera fasp.io cves: cve-2021-4104: investigated: false @@ -383,7 +382,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Aspera fasp.io + product: Bare Metal Servers cves: cve-2021-4104: investigated: false @@ -412,7 +411,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: IBM - product: Aspera + product: BigFix Compliance cves: cve-2021-4104: investigated: false @@ -434,14 +433,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:53+00:00' - vendor: IBM - product: Bare Metal Servers + product: BigFix Inventory cves: cve-2021-4104: investigated: false @@ -449,8 +447,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - VM Manager Tool & SAP Tool fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -463,12 +462,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.ibm.com/blogs/psirt/an-update-on-the-apache-log4j-cve-2021-44228-vulnerability/#list-of-products - notes: '' + vendor_links: [] + notes: To verify if your instance is affected, go to the lib subdirectory of the + tool (BESClient/LMT/SAPTOOL and BESClient/LMT/VMMAN) and check what version + of log4j is included. Version is included in the name of the library. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:53+00:00' - vendor: IBM product: Block Storage cves: @@ -6228,7 +6228,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6241,7 +6241,8 @@ software: unaffected_versions: [] vendor_links: - https://support.inductiveautomation.com/hc/en-us/articles/4416204541709-Regarding-CVE-2021-44228-Log4j-RCE-0-day - notes: Older versions of Ignition (7.8 and older) did use the Log4j library, but they used an older version (1.2) that was not affected by this vulnerability. + notes: Older versions of Ignition (7.8 and older) did use the Log4j library, but + they used an older version (1.2) that was not affected by this vulnerability. references: - '' last_updated: '2022-01-19T00:00:00' @@ -6478,7 +6479,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: Datacenter Manager + product: Computer Vision Annotation Tool maintained by Intel cves: cve-2021-4104: investigated: false @@ -6507,7 +6508,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: oneAPI sample browser plugin for Eclipse + product: Datacenter Manager cves: cve-2021-4104: investigated: false @@ -6536,7 +6537,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: System Debugger + product: Genomics Kernel Library cves: cve-2021-4104: investigated: false @@ -6565,7 +6566,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: Secure Device Onboard + product: oneAPI sample browser plugin for Eclipse cves: cve-2021-4104: investigated: false @@ -6594,7 +6595,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: Genomics Kernel Library + product: Secure Device Onboard cves: cve-2021-4104: investigated: false @@ -6623,7 +6624,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: System Studio + product: Sensor Solution Firmware Development Kit cves: cve-2021-4104: investigated: false @@ -6652,7 +6653,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: Computer Vision Annotation Tool maintained by Intel + product: System Debugger cves: cve-2021-4104: investigated: false @@ -6681,7 +6682,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Intel - product: Sensor Solution Firmware Development Kit + product: System Studio cves: cve-2021-4104: investigated: false @@ -6710,7 +6711,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Internet Systems Consortium(ISC) - product: ISC DHCP, aka dhcpd + product: BIND 9 cves: cve-2021-4104: investigated: false @@ -6740,7 +6741,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Internet Systems Consortium(ISC) - product: Kea DHCP + product: ISC DHCP, aka dhcpd cves: cve-2021-4104: investigated: false @@ -6770,7 +6771,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Internet Systems Consortium(ISC) - product: BIND 9 + product: Kea DHCP cves: cve-2021-4104: investigated: false @@ -6988,7 +6989,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7018,7 +7019,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7048,7 +7049,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7076,8 +7077,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - '6.2.2' - - '6.3.0 to 6.3.3' + - 6.2.2 + - 6.3.0 to 6.3.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7109,7 +7110,37 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: CETerm (Naurtech) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7139,7 +7170,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7169,7 +7200,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7199,7 +7230,37 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: ConnectPro (Termproxy) + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7229,7 +7290,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7259,7 +7320,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7289,7 +7350,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7319,7 +7380,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7349,7 +7410,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7379,7 +7440,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7409,7 +7470,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7427,7 +7488,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: ITSM 6/7 + product: Incapptic Connect cves: cve-2021-4104: investigated: '' @@ -7439,7 +7500,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7457,7 +7518,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Incapptic Connect + product: Insight cves: cve-2021-4104: investigated: '' @@ -7469,7 +7530,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7487,7 +7548,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Insight + product: ITSM 6/7 cves: cve-2021-4104: investigated: '' @@ -7499,7 +7560,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7529,7 +7590,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7559,7 +7620,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7589,7 +7650,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7607,7 +7668,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Ivanti EPM - Cloud Service Appliance + product: Ivanti Endpoint Security cves: cve-2021-4104: investigated: '' @@ -7619,7 +7680,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7637,7 +7698,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Ivanti Endpoint Security + product: Ivanti Environment Manager cves: cve-2021-4104: investigated: '' @@ -7649,7 +7710,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7667,7 +7728,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Ivanti Environment Manager + product: Ivanti EPM - Cloud Service Appliance cves: cve-2021-4104: investigated: '' @@ -7679,7 +7740,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7707,15 +7768,15 @@ software: cve-2021-44228: investigated: true affected_versions: - - '2019.1.*' - - '2020.1.*' - - '2020.3.*' - - '2021.1.*' - - '4.4.*' + - 2019.1.* + - 2020.1.* + - 2020.3.* + - 2021.1.* + - 4.4.* fixed_versions: - - '2021.3 HF2' - - '2021.1 HF1' - - '2020.3 HF2' + - 2021.3 HF2 + - 2021.1 HF1 + - 2020.3 HF2 unaffected_versions: [] cve-2021-45046: investigated: '' @@ -7746,7 +7807,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7776,7 +7837,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7806,7 +7867,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7836,7 +7897,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7866,7 +7927,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7884,7 +7945,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Ivanti Service Desk + product: Ivanti Security Controls (Patch ISec) cves: cve-2021-4104: investigated: '' @@ -7896,7 +7957,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7909,12 +7970,13 @@ software: unaffected_versions: [] vendor_links: - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: Not Affected. Java is no longer required since version 2018.3U3 Customers on older versions can uninstall JRE on their ISD Servers for mitigation. This will disable indexing of Attachments and Documents for full-text search. + notes: See More INFO for Ivanti Security Controls (Patch ISec) in the Advisory + Page references: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Ivanti Service Manager + product: Ivanti Service Desk cves: cve-2021-4104: investigated: '' @@ -7926,7 +7988,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7939,12 +8001,14 @@ software: unaffected_versions: [] vendor_links: - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: '' + notes: Not Affected. Java is no longer required since version 2018.3U3 Customers + on older versions can uninstall JRE on their ISD Servers for mitigation. This + will disable indexing of Attachments and Documents for full-text search. references: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Ivanti Service Manager for Neurons (Cloud) + product: Ivanti Service Manager cves: cve-2021-4104: investigated: '' @@ -7956,7 +8020,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7974,7 +8038,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Ivanti Security Controls (Patch ISec) + product: Ivanti Service Manager for Neurons (Cloud) cves: cve-2021-4104: investigated: '' @@ -7986,7 +8050,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -7999,7 +8063,7 @@ software: unaffected_versions: [] vendor_links: - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See More INFO for Ivanti Security Controls (Patch ISec) in the Advisory Page + notes: '' references: - '' last_updated: '2022-01-18T00:00:00' @@ -8016,7 +8080,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8046,7 +8110,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8076,7 +8140,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8106,7 +8170,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8136,7 +8200,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8166,7 +8230,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8196,7 +8260,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8226,7 +8290,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8254,7 +8318,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'All' + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8286,7 +8350,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8316,7 +8380,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8346,7 +8410,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8374,7 +8438,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'All' + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8394,7 +8458,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: MobileIron Sentry (Core/Cloud) + product: MobileIron Core Connector cves: cve-2021-4104: investigated: '' @@ -8404,8 +8468,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '9.13' - - '9.14' + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8420,12 +8483,12 @@ software: unaffected_versions: [] vendor_links: - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See Advisory details for mitigation instructions for MobileIron Sentry. + notes: See Advisory details for mitigation instructions for MobileIron Core Connector. references: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: MobileIron Core Connector + product: MobileIron Sentry (Core/Cloud) cves: cve-2021-4104: investigated: '' @@ -8435,7 +8498,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'All' + - '9.13' + - '9.14' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8450,7 +8514,7 @@ software: unaffected_versions: [] vendor_links: - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: See Advisory details for mitigation instructions for MobileIron Core Connector. + notes: See Advisory details for mitigation instructions for MobileIron Sentry. references: - '' last_updated: '2022-01-18T00:00:00' @@ -8467,7 +8531,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8497,7 +8561,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8527,7 +8591,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8545,7 +8609,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Pulse Desktop Client + product: Pulse Connect Secure cves: cve-2021-4104: investigated: '' @@ -8557,7 +8621,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8575,7 +8639,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Pulse Mobile Client + product: Pulse Desktop Client cves: cve-2021-4104: investigated: '' @@ -8587,7 +8651,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8605,7 +8669,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Pulse Services Director + product: Pulse Mobile Client cves: cve-2021-4104: investigated: '' @@ -8617,7 +8681,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8635,7 +8699,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Pulse Virtual Traffic Manager + product: Pulse One cves: cve-2021-4104: investigated: '' @@ -8647,7 +8711,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8665,7 +8729,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Pulse Web Application Firewall + product: Pulse Policy Secure cves: cve-2021-4104: investigated: '' @@ -8677,7 +8741,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8695,7 +8759,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Pulse Connect Secure + product: Pulse Services Director cves: cve-2021-4104: investigated: '' @@ -8707,7 +8771,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8725,7 +8789,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Pulse One + product: Pulse Virtual Traffic Manager cves: cve-2021-4104: investigated: '' @@ -8737,7 +8801,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8755,7 +8819,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: Pulse Policy Secure + product: Pulse Web Application Firewall cves: cve-2021-4104: investigated: '' @@ -8767,7 +8831,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8797,7 +8861,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8827,7 +8891,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8857,7 +8921,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8887,7 +8951,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8917,7 +8981,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8947,7 +9011,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8977,7 +9041,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -8995,7 +9059,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Ivanti - product: ConnectPro (Termproxy) + product: Virtual Desktop Extender cves: cve-2021-4104: investigated: '' @@ -9007,7 +9071,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -9037,67 +9101,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' - cve-2021-45046: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: '' - references: - - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: CETerm (Naurtech) - cves: - cve-2021-4104: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' - cve-2021-45046: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US - notes: '' - references: - - '' - last_updated: '2022-01-18T00:00:00' - - vendor: Ivanti - product: Virtual Desktop Extender - cves: - cve-2021-4104: - investigated: '' - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -9127,7 +9131,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] diff --git a/data/cisagov_J.yml b/data/cisagov_J.yml index 3ab71be..c5139ee 100644 --- a/data/cisagov_J.yml +++ b/data/cisagov_J.yml @@ -209,9 +209,8 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: JetBrains - product: IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand, - IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu, - Rider, RubyMine, WebStorm) + product: All .NET tools (ReSharper, Rider, ReSharper C++, dotTrace, dotMemory, + dotCover, dotPeek) cves: cve-2021-4104: investigated: false @@ -240,9 +239,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: JetBrains - product: All .NET tools (ReSharper, Rider, ReSharper C++, dotTrace, dotMemory, - dotCover, dotPeek) + - vendor: Jetbrains + product: Code With Me cves: cve-2021-4104: investigated: false @@ -252,9 +250,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -272,7 +270,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: JetBrains - product: ToolBox + product: Datalore cves: cve-2021-4104: investigated: false @@ -302,7 +300,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: JetBrains - product: TeamCity + product: Floating license server cves: cve-2021-4104: investigated: false @@ -312,9 +310,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - Unknown + fixed_versions: + - '30211' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -326,13 +324,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://youtrack.jetbrains.com/issue/TW-74298 + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: JetBrains - product: Hub + product: Gateway cves: cve-2021-4104: investigated: false @@ -342,9 +340,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 2021.1.14080 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - Unknown cve-2021-45046: investigated: false affected_versions: [] @@ -356,13 +354,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/hub/2021/12/14/hub-update-regarding-log4j2-vulnerability/ + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: JetBrains - product: YouTrack Standalone + product: Hub cves: cve-2021-4104: investigated: false @@ -373,7 +371,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 2021.4.35970 + - 2021.1.14080 unaffected_versions: [] cve-2021-45046: investigated: false @@ -386,13 +384,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/youtrack/2021/12/youtrack-update-regarding-log4j2-vulnerability/ + - https://blog.jetbrains.com/hub/2021/12/14/hub-update-regarding-log4j2-vulnerability/ notes: '' references: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: JetBrains - product: YouTrack InCloud + product: IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand, + IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu, + Rider, RubyMine, WebStorm) cves: cve-2021-4104: investigated: false @@ -402,9 +402,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - Unknown - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -422,7 +422,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: JetBrains - product: Datalore + product: Kotlin cves: cve-2021-4104: investigated: false @@ -452,7 +452,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: JetBrains - product: Space + product: Ktor cves: cve-2021-4104: investigated: false @@ -481,8 +481,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Jetbrains - product: Code With Me + - vendor: JetBrains + product: MPS cves: cve-2021-4104: investigated: false @@ -492,9 +492,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - Unknown - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -512,7 +512,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: JetBrains - product: Gateway + product: Space cves: cve-2021-4104: investigated: false @@ -542,7 +542,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: JetBrains - product: Kotlin + product: TeamCity cves: cve-2021-4104: investigated: false @@ -566,13 +566,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://youtrack.jetbrains.com/issue/TW-74298 notes: '' references: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: JetBrains - product: Ktor + product: ToolBox cves: cve-2021-4104: investigated: false @@ -602,7 +602,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: JetBrains - product: MPS + product: UpSource cves: cve-2021-4104: investigated: false @@ -612,9 +612,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - Unknown + fixed_versions: + - 2020.1.1952 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -632,7 +632,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: JetBrains - product: Floating license server + product: YouTrack InCloud cves: cve-2021-4104: investigated: false @@ -643,7 +643,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '30211' + - Unknown unaffected_versions: [] cve-2021-45046: investigated: false @@ -662,7 +662,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: JetBrains - product: UpSource + product: YouTrack Standalone cves: cve-2021-4104: investigated: false @@ -673,7 +673,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 2020.1.1952 + - 2021.4.35970 unaffected_versions: [] cve-2021-45046: investigated: false @@ -686,7 +686,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://blog.jetbrains.com/youtrack/2021/12/youtrack-update-regarding-log4j2-vulnerability/ notes: '' references: - '' @@ -778,8 +778,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: jPOS - product: (ISO-8583) bridge + - vendor: Johnson Controls + product: BCPro cves: cve-2021-4104: investigated: false @@ -791,7 +791,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -803,13 +803,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/jpos/jPOS/commit/d615199a1bdd35c35d63c07c10fd0bdbbc96f625 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: C•CURE‐9000 + product: CEM AC2000 cves: cve-2021-4104: investigated: false @@ -821,7 +821,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.90.x (all 2.90 versions) + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -839,7 +839,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: C•CURE‐9000 + product: CEM Hardware Products cves: cve-2021-4104: investigated: false @@ -851,7 +851,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.80.x (all 2.80 versions) + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -869,7 +869,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: C•CURE‐9000 + product: CloudVue Gateway cves: cve-2021-4104: investigated: false @@ -881,7 +881,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.70 (All versions) + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -899,7 +899,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: C•CURE‐9000 + product: CloudVue Web cves: cve-2021-4104: investigated: false @@ -911,7 +911,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.60 (All versions) + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -929,7 +929,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: victor + product: C•CURE‐9000 cves: cve-2021-4104: investigated: false @@ -941,7 +941,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 5.x + - 2.90.x (all 2.90 versions) cve-2021-45046: investigated: false affected_versions: [] @@ -959,7 +959,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: victor/ C•CURE‐9000 Unified + product: C•CURE‐9000 cves: cve-2021-4104: investigated: false @@ -971,7 +971,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.81.x / victor 5.4.1 / C•CURE‐9000 2.80 + - 2.80.x (all 2.80 versions) cve-2021-45046: investigated: false affected_versions: [] @@ -989,7 +989,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: victor/ C•CURE‐9000 Unified + product: C•CURE‐9000 cves: cve-2021-4104: investigated: false @@ -1001,7 +1001,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.91.x / victor 5.6.1 / C•CURE‐9000 2.90 + - 2.70 (All versions) cve-2021-45046: investigated: false affected_versions: [] @@ -1019,7 +1019,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Metasys Products and Tools + product: C•CURE‐9000 cves: cve-2021-4104: investigated: false @@ -1031,7 +1031,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 2.60 (All versions) cve-2021-45046: investigated: false affected_versions: [] @@ -1049,7 +1049,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Facility Explorer + product: DLS cves: cve-2021-4104: investigated: false @@ -1061,7 +1061,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 14.x + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -1079,7 +1079,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: CEM AC2000 + product: Entrapass cves: cve-2021-4104: investigated: false @@ -1109,7 +1109,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: CEM Hardware Products + product: exacqVision Client cves: cve-2021-4104: investigated: false @@ -1139,7 +1139,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Illustra Cameras + product: exacqVision Server cves: cve-2021-4104: investigated: false @@ -1169,7 +1169,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Illustra Insight + product: exacqVision WebService cves: cve-2021-4104: investigated: false @@ -1199,7 +1199,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Tyco AI + product: Facility Explorer cves: cve-2021-4104: investigated: false @@ -1211,7 +1211,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 14.x cve-2021-45046: investigated: false affected_versions: [] @@ -1229,7 +1229,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: DLS + product: Illustra Cameras cves: cve-2021-4104: investigated: false @@ -1259,7 +1259,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Entrapass + product: Illustra Insight cves: cve-2021-4104: investigated: false @@ -1289,7 +1289,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: CloudVue Web + product: iSTAR cves: cve-2021-4104: investigated: false @@ -1319,7 +1319,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: CloudVue Gateway + product: Metasys Products and Tools cves: cve-2021-4104: investigated: false @@ -1349,7 +1349,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Qolsys IQ Panels + product: PowerSeries NEO cves: cve-2021-4104: investigated: false @@ -1379,7 +1379,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: PowerSeries NEO + product: PowerSeries Pro cves: cve-2021-4104: investigated: false @@ -1409,7 +1409,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: PowerSeries Pro + product: Qolsys IQ Panels cves: cve-2021-4104: investigated: false @@ -1469,7 +1469,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: VideoEdge + product: Tyco AI cves: cve-2021-4104: investigated: false @@ -1481,7 +1481,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 5.x + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -1499,7 +1499,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: exacqVision Server + product: victor cves: cve-2021-4104: investigated: false @@ -1511,7 +1511,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 5.x cve-2021-45046: investigated: false affected_versions: [] @@ -1529,7 +1529,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: exacqVision Client + product: victor/ C•CURE‐9000 Unified cves: cve-2021-4104: investigated: false @@ -1541,7 +1541,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 3.81.x / victor 5.4.1 / C•CURE‐9000 2.80 cve-2021-45046: investigated: false affected_versions: [] @@ -1559,7 +1559,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: exacqVision WebService + product: victor/ C•CURE‐9000 Unified cves: cve-2021-4104: investigated: false @@ -1571,7 +1571,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 3.91.x / victor 5.6.1 / C•CURE‐9000 2.90 cve-2021-45046: investigated: false affected_versions: [] @@ -1589,7 +1589,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: BCPro + product: VideoEdge cves: cve-2021-4104: investigated: false @@ -1601,7 +1601,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 5.x cve-2021-45046: investigated: false affected_versions: [] @@ -1618,8 +1618,8 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: iSTAR + - vendor: Journyx + product: '' cves: cve-2021-4104: investigated: false @@ -1627,11 +1627,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1643,13 +1642,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228- notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Journyx - product: '' + last_updated: '2022-01-12T07:18:54+00:00' + - vendor: jPOS + product: (ISO-8583) bridge cves: cve-2021-4104: investigated: false @@ -1657,10 +1656,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Unknown cve-2021-45046: investigated: false affected_versions: [] @@ -1672,7 +1672,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228- + - https://github.com/jpos/jPOS/commit/d615199a1bdd35c35d63c07c10fd0bdbbc96f625 notes: '' references: - '' diff --git a/data/cisagov_L.yml b/data/cisagov_L.yml index 11c83aa..ee4821e 100644 --- a/data/cisagov_L.yml +++ b/data/cisagov_L.yml @@ -614,7 +614,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Leica BIOSYSTEMS - product: BOND-ADVANCE + product: BOND Controller cves: cve-2021-4104: investigated: false @@ -643,7 +643,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Leica BIOSYSTEMS - product: BOND Controller + product: BOND RX cves: cve-2021-4104: investigated: false @@ -672,7 +672,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Leica BIOSYSTEMS - product: BOND-III + product: BOND RXm cves: cve-2021-4104: investigated: false @@ -701,7 +701,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Leica BIOSYSTEMS - product: BOND-MAX + product: BOND-ADVANCE cves: cve-2021-4104: investigated: false @@ -730,7 +730,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Leica BIOSYSTEMS - product: BOND RX + product: BOND-III cves: cve-2021-4104: investigated: false @@ -759,7 +759,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Leica BIOSYSTEMS - product: BOND RXm + product: BOND-MAX cves: cve-2021-4104: investigated: false diff --git a/data/cisagov_M.yml b/data/cisagov_M.yml index 987e2bb..42ad7ab 100644 --- a/data/cisagov_M.yml +++ b/data/cisagov_M.yml @@ -63,7 +63,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: ManageEngine - product: Servicedesk Plus + product: AD SelfService Plus cves: cve-2021-4104: investigated: false @@ -72,10 +72,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '11305 and below' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - Build 6.1 build 6114 cve-2021-45046: investigated: false affected_versions: [] @@ -86,14 +86,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.manageengine.com/products/service-desk/security-response-plan.html + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2021-12-27T00:00:00' - vendor: ManageEngine - product: AD SelfService Plus + product: Servicedesk Plus cves: cve-2021-4104: investigated: false @@ -102,10 +101,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 11305 and below fixed_versions: [] - unaffected_versions: - - 'Build 6.1 build 6114' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -116,11 +115,12 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.manageengine.com/products/service-desk/security-response-plan.html notes: '' references: - '' - last_updated: '2021-12-27T00:00:00' + last_updated: '2021-12-15T00:00:00' - vendor: ManageEngine Zoho product: '' cves: @@ -151,7 +151,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: ManageEngine Zoho - product: ADManager Plus + product: ADAudit Plus cves: cve-2021-4104: investigated: false @@ -180,7 +180,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: ADAudit Plus + product: ADManager Plus cves: cve-2021-4104: investigated: false @@ -209,7 +209,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: DataSecurity Plus + product: Analytics Plus cves: cve-2021-4104: investigated: false @@ -238,7 +238,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: EventLog Analyzer + product: Cloud Security Plus cves: cve-2021-4104: investigated: false @@ -267,7 +267,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: M365 Manager Plus + product: DataSecurity Plus cves: cve-2021-4104: investigated: false @@ -296,7 +296,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: RecoveryManager Plus + product: EventLog Analyzer cves: cve-2021-4104: investigated: false @@ -412,7 +412,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: Cloud Security Plus + product: M365 Manager Plus cves: cve-2021-4104: investigated: false @@ -470,7 +470,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: ManageEngine Zoho - product: Analytics Plus + product: RecoveryManager Plus cves: cve-2021-4104: investigated: false @@ -569,7 +569,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -598,7 +598,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.59.10+' + - 1.59.10+ unaffected_versions: [] cve-2021-45046: investigated: false @@ -927,7 +927,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: ePolicy Orchestrator Application Server (ePO) + product: Enterprise Security Manager (ESM) cves: cve-2021-4104: investigated: false @@ -938,7 +938,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '5.10 CU11' + - 11.5.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -985,7 +985,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: Host Intrusion Prevention (Host IPS) + product: ePolicy Orchestrator Application Server (ePO) cves: cve-2021-4104: investigated: false @@ -993,9 +993,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 5.10 CU11 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1007,13 +1008,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://kc.mcafee.com/agent/index?page=content&id=SB10377 notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: Management of Native Encryption (MNE) + product: Host Intrusion Prevention (Host IPS) cves: cve-2021-4104: investigated: false @@ -1041,7 +1043,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Active Response (MAR) + product: Management of Native Encryption (MNE) cves: cve-2021-4104: investigated: false @@ -1069,7 +1071,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Agent (MA) + product: McAfee Active Response (MAR) cves: cve-2021-4104: investigated: false @@ -1097,7 +1099,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Application and Change Control (MACC) for Linux + product: McAfee Agent (MA) cves: cve-2021-4104: investigated: false @@ -1125,7 +1127,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Application and Change Control (MACC) for Windows + product: McAfee Application and Change Control (MACC) for Linux cves: cve-2021-4104: investigated: false @@ -1153,7 +1155,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Client Proxy (MCP) for Mac + product: McAfee Application and Change Control (MACC) for Windows cves: cve-2021-4104: investigated: false @@ -1181,7 +1183,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Client Proxy (MCP) for Windows + product: McAfee Client Proxy (MCP) for Mac cves: cve-2021-4104: investigated: false @@ -1209,7 +1211,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Drive Encryption (MDE) + product: McAfee Client Proxy (MCP) for Windows cves: cve-2021-4104: investigated: false @@ -1237,7 +1239,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Security for Microsoft Exchange (MSME) + product: McAfee Drive Encryption (MDE) cves: cve-2021-4104: investigated: false @@ -1265,7 +1267,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: McAfee Security for Microsoft SharePoint (MSMS) + product: McAfee Security for Microsoft Exchange (MSME) cves: cve-2021-4104: investigated: false @@ -1321,7 +1323,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: McAfee - product: Enterprise Security Manager (ESM) + product: McAfee Security for Microsoft SharePoint (MSMS) cves: cve-2021-4104: investigated: false @@ -1329,10 +1331,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '11.5.3' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1344,8 +1345,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://kc.mcafee.com/agent/index?page=content&id=SB10377 + vendor_links: [] notes: '' references: - '' @@ -1637,8 +1637,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Microsoft - product: Azure Application Gateway + - vendor: Micro Focus + product: Data Protector cves: cve-2021-4104: investigated: false @@ -1646,9 +1646,19 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '10.20' + - '10.30' + - '10.40' + - '10.50' + - '10.60' + - '10.70' + - '10.80' + - '10.90' + - '10.91' + - '11.00' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1661,11 +1671,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ + - https://portal.microfocus.com/s/article/KM000003052 notes: '' references: - - '' - last_updated: '2022-01-12T07:18:54+00:00' + - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' + last_updated: '2021-12-13T00:00:00' - vendor: Microsoft product: Azure API Gateway cves: @@ -1696,7 +1706,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: Microsoft - product: Azure Data lake store java + product: Azure Application Gateway cves: cve-2021-4104: investigated: false @@ -1704,9 +1714,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '< 2.3.10' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1720,7 +1729,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 + - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ notes: '' references: - '' @@ -1736,7 +1745,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '< 2.3.10' + - < 2.3.10 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1756,7 +1765,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: Microsoft - product: Azure DevOps Server + product: Azure Data lake store java cves: cve-2021-4104: investigated: false @@ -1766,7 +1775,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '2019.0 - 2020.1' + - < 2.3.10 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1780,7 +1789,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 + - https://github.com/Azure/azure-data-lake-store-java/blob/ed5d6304783286c3cfff0a1dee457a922e23ad48/CHANGES.md#version-2310 notes: '' references: - '' @@ -1815,7 +1824,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: Microsoft - product: Azure Traffic Manager + product: Azure DevOps Server cves: cve-2021-4104: investigated: false @@ -1823,8 +1832,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2019.0 - 2020.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1838,13 +1848,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ + - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 notes: '' references: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: Microsoft - product: Team Foundation Server + product: Azure Traffic Manager cves: cve-2021-4104: investigated: false @@ -1852,9 +1862,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '2018.2+' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1868,13 +1877,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 + - https://msrc-blog.microsoft.com/2021/12/11/microsofts-response-to-cve-2021-44228-apache-log4j2/ notes: '' references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Microstrategy - product: '' + - vendor: Microsoft + product: Team Foundation Server cves: cve-2021-4104: investigated: false @@ -1882,8 +1891,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2018.2+ fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1897,13 +1907,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-CVE-2021-44228-The-Log4j-0-Day-Vulnerability?language=en_US + - https://devblogs.microsoft.com/devops/azure-devops-and-azure-devops-server-and-the-log4j-vulnerability/?WT.mc_id=DOP-MVP-5001511 notes: '' references: - '' last_updated: '2022-01-12T07:18:54+00:00' - - vendor: Micro Focus - product: Data Protector + - vendor: Microstrategy + product: '' cves: cve-2021-4104: investigated: false @@ -1911,19 +1921,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '10.20' - - '10.30' - - '10.40' - - '10.50' - - '10.60' - - '10.70' - - '10.80' - - '10.90' - - '10.91' - - '11.00' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1936,11 +1936,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://portal.microfocus.com/s/article/KM000003052 + - https://community.microstrategy.com/s/article/MicroStrategy-s-response-to-CVE-2021-44228-The-Log4j-0-Day-Vulnerability?language=en_US notes: '' references: - - '[https://portal.microfocus.com/s/article/KM000003050](https://portal.microfocus.com/s/article/KM000003050)' - last_updated: '2021-12-13T00:00:00' + - '' + last_updated: '2022-01-12T07:18:54+00:00' - vendor: Midori Global product: '' cves: @@ -2538,7 +2538,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -2551,7 +2551,9 @@ software: unaffected_versions: [] vendor_links: - https://www.moxa.com/en/support/product-support/security-advisory/moxa-s-response-regarding-the-apache-log4j-vulnerability - notes: Moxa is investigating to determine if any of our products are affected by this vulnerability. At the time of publication, none of Moxa's products are affected. + notes: Moxa is investigating to determine if any of our products are affected + by this vulnerability. At the time of publication, none of Moxa's products are + affected. references: - '' last_updated: '2022-01-19T00:00:00' @@ -2586,7 +2588,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: Mulesoft - product: Mule Runtime + product: Anypoint Studio cves: cve-2021-4104: investigated: false @@ -2596,8 +2598,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '3.x' - - '4.x' + - 7.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2618,7 +2619,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Mulesoft - product: Mule Agent + product: Cloudhub cves: cve-2021-4104: investigated: false @@ -2626,9 +2627,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '6.x' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2649,7 +2649,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Mulesoft - product: Cloudhub + product: Mule Agent cves: cve-2021-4104: investigated: false @@ -2657,8 +2657,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 6.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2679,7 +2680,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Mulesoft - product: Anypoint Studio + product: Mule Runtime cves: cve-2021-4104: investigated: false @@ -2689,7 +2690,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - '7.x' + - 3.x + - 4.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: diff --git a/data/cisagov_N.yml b/data/cisagov_N.yml index 3ce3b55..bcb7474 100644 --- a/data/cisagov_N.yml +++ b/data/cisagov_N.yml @@ -102,9 +102,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'Vertica' - - 'Cloudera' - - 'Logstash' + - Vertica + - Cloudera + - Logstash fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -136,7 +136,7 @@ software: investigated: true affected_versions: - '>4.2' - - '<4..2.12' + - <4..2.12 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -282,7 +282,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '3.0.57' + - 3.0.57 unaffected_versions: [] cve-2021-45046: investigated: false @@ -312,7 +312,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '<7.4.3' + - <7.4.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -374,7 +374,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '21.04.0.5552' + - 21.04.0.5552 cve-2021-45046: investigated: false affected_versions: [] @@ -1343,7 +1343,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Nutanix - product: Leap + product: LCM cves: cve-2021-4104: investigated: false @@ -1351,10 +1351,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1367,12 +1368,12 @@ software: unaffected_versions: [] vendor_links: - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: Saas-Based Procuct. See Advisory. + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Nutanix - product: LCM + product: Leap cves: cve-2021-4104: investigated: false @@ -1380,11 +1381,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1397,7 +1397,7 @@ software: unaffected_versions: [] vendor_links: - https://download.nutanix.com/alerts/Security_Advisory_0023.pdf - notes: '' + notes: Saas-Based Procuct. See Advisory. references: - '' last_updated: '2021-12-20T00:00:00' diff --git a/data/cisagov_O.yml b/data/cisagov_O.yml index 4751f7c..89b0d7b 100644 --- a/data/cisagov_O.yml +++ b/data/cisagov_O.yml @@ -295,7 +295,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: Okta - product: Okta RADIUS Server Agent + product: Okta On-Prem MFA Agent cves: cve-2021-4104: investigated: false @@ -305,7 +305,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 2.17.0 + - < 1.4.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -319,13 +319,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://trust.okta.com/security-advisories/okta-radius-server-agent-cve-2021-44228 + - https://trust.okta.com/security-advisories/okta-on-prem-mfa-agent-cve-2021-44228 notes: '' references: - '' last_updated: '2021-12-12T00:00:00' - vendor: Okta - product: Okta Verify + product: Okta RADIUS Server Agent cves: cve-2021-4104: investigated: false @@ -333,8 +333,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - < 2.17.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -348,13 +349,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sec.okta.com/articles/2021/12/log4shell + - https://trust.okta.com/security-advisories/okta-radius-server-agent-cve-2021-44228 notes: '' references: - '' last_updated: '2021-12-12T00:00:00' - vendor: Okta - product: Okta Workflows + product: Okta Verify cves: cve-2021-4104: investigated: false @@ -383,7 +384,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: Okta - product: Okta On-Prem MFA Agent + product: Okta Workflows cves: cve-2021-4104: investigated: false @@ -391,9 +392,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 1.4.6 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -407,7 +407,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://trust.okta.com/security-advisories/okta-on-prem-mfa-agent-cve-2021-44228 + - https://sec.okta.com/articles/2021/12/log4shell notes: '' references: - '' @@ -587,7 +587,7 @@ software: - '' last_updated: '2021-12-23T00:00:00' - vendor: Opto 22 - product: GRV-EPIC-PR1, GRV-EPIC-PR2 + product: GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP cves: cve-2021-4104: investigated: false @@ -597,9 +597,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 3.3.2 + - < 4.3g fixed_versions: - - 3.3.2 + - 4.3g unaffected_versions: [] cve-2021-45046: investigated: false @@ -618,7 +618,7 @@ software: - '' last_updated: '2022-01-13T00:00:00' - vendor: Opto 22 - product: GROOV-AR1, GROOV-AR1-BASE, GROOV-AR1-SNAP + product: GROOV-AT1, GROOV-AT1-SNAP cves: cve-2021-4104: investigated: false @@ -649,7 +649,7 @@ software: - '' last_updated: '2022-01-13T00:00:00' - vendor: Opto 22 - product: GROOV-AT1, GROOV-AT1-SNAP + product: GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP cves: cve-2021-4104: investigated: false @@ -680,7 +680,7 @@ software: - '' last_updated: '2022-01-13T00:00:00' - vendor: Opto 22 - product: GROOV-SVR-WIN, GROOV-SVR-WIN-BASE, GROOV-SVR-WIN-SNAP + product: GRV-EPIC-PR1, GRV-EPIC-PR2 cves: cve-2021-4104: investigated: false @@ -690,9 +690,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 4.3g + - < 3.3.2 fixed_versions: - - 4.3g + - 3.3.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -741,7 +741,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Oracle - product: Exadata + product: Enterprise Manager cves: cve-2021-4104: investigated: false @@ -751,7 +751,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - <21.3.4 + - '13.5' + - 13.4 & 13.3.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -773,7 +774,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Oracle - product: Enterprise Manager + product: Exadata cves: cve-2021-4104: investigated: false @@ -783,8 +784,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '13.5' - - 13.4 & 13.3.2 + - <21.3.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: diff --git a/data/cisagov_Q.yml b/data/cisagov_Q.yml index d877f90..a51cbb4 100644 --- a/data/cisagov_Q.yml +++ b/data/cisagov_Q.yml @@ -63,7 +63,7 @@ software: - '' last_updated: '2022-01-12T07:18:55+00:00' - vendor: QMATIC - product: Orchestra Central + product: Appointment Booking cves: cve-2021-4104: investigated: false @@ -72,10 +72,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 2.4+ fixed_versions: [] - unaffected_versions: - - 6.0+ + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -88,7 +88,7 @@ software: unaffected_versions: [] vendor_links: - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: '' + notes: Update to v. 2.8.2 which contains log4j 2.16 references: - '' last_updated: '2021-12-21T00:00:00' @@ -103,7 +103,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 2.4+ + - Cloud/Managed Service fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -118,7 +118,7 @@ software: unaffected_versions: [] vendor_links: - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: Update to v. 2.8.2 which contains log4j 2.16 + notes: log4j 2.16 applied 2021-12-15 references: - '' last_updated: '2021-12-21T00:00:00' @@ -153,7 +153,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: QMATIC - product: Appointment Booking + product: Orchestra Central cves: cve-2021-4104: investigated: false @@ -162,10 +162,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Cloud/Managed Service + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 6.0+ cve-2021-45046: investigated: false affected_versions: [] @@ -178,7 +178,7 @@ software: unaffected_versions: [] vendor_links: - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: log4j 2.16 applied 2021-12-15 + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' diff --git a/data/cisagov_S.yml b/data/cisagov_S.yml index 3ef818e..fa14507 100644 --- a/data/cisagov_S.yml +++ b/data/cisagov_S.yml @@ -756,7 +756,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Samsung Electronics America - product: Knox Reseller Portal + product: Knox Admin Portal cves: cve-2021-4104: investigated: false @@ -766,15 +766,15 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 'Cloud' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: true affected_versions: [] - fixed_versions: - - 'Cloud' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] @@ -787,7 +787,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox Manage + product: Knox Asset Intelligence cves: cve-2021-4104: investigated: false @@ -797,15 +797,15 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 'Cloud' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: true affected_versions: [] - fixed_versions: - - 'Cloud' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] @@ -818,7 +818,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox Admin Portal + product: Knox Configure cves: cve-2021-4104: investigated: false @@ -830,13 +830,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: false affected_versions: [] @@ -849,7 +849,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox Mobile Enrollment + product: Knox E-FOTA One cves: cve-2021-4104: investigated: false @@ -861,13 +861,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: false affected_versions: [] @@ -880,7 +880,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox Configure + product: Knox Guard cves: cve-2021-4104: investigated: false @@ -892,13 +892,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: false affected_versions: [] @@ -911,7 +911,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox Asset Intelligence + product: Knox License Management cves: cve-2021-4104: investigated: false @@ -923,13 +923,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: false affected_versions: [] @@ -942,7 +942,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox E-FOTA One + product: Knox Manage cves: cve-2021-4104: investigated: false @@ -952,15 +952,15 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' + fixed_versions: + - Cloud + unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' + fixed_versions: + - Cloud + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] @@ -985,13 +985,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: false affected_versions: [] @@ -1004,7 +1004,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox Guard + product: Knox Mobile Enrollment cves: cve-2021-4104: investigated: false @@ -1016,13 +1016,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: false affected_versions: [] @@ -1035,7 +1035,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: Samsung Electronics America - product: Knox License Management + product: Knox Reseller Portal cves: cve-2021-4104: investigated: false @@ -1045,15 +1045,15 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' + fixed_versions: + - Cloud + unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' + fixed_versions: + - Cloud + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] @@ -1361,7 +1361,7 @@ software: - '' last_updated: '2022-01-12T07:18:55+00:00' - vendor: Schneider Electric - product: EcoStruxure IT Gateway + product: EASYFIT cves: cve-2021-4104: investigated: false @@ -1370,9 +1370,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - V1.5.0 to V1.13.0 + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1385,13 +1385,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://ecostruxureit.com/download-and-set-upecostruxureit-gateway/ + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: EcoStruxure IT Expert + product: Ecoreal XL cves: cve-2021-4104: investigated: false @@ -1400,9 +1400,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - Cloud + affected_versions: + - Current software and earlier + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1414,13 +1414,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.se.com/us/en/download/document/7EN52-0390/ notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: Facility Expert Small Business + product: EcoStruxure IT Expert cves: cve-2021-4104: investigated: false @@ -1443,14 +1444,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + vendor_links: [] notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: Wiser by SE platform + product: EcoStruxure IT Gateway cves: cve-2021-4104: investigated: false @@ -1461,7 +1461,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Cloud + - V1.5.0 to V1.13.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1473,13 +1473,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://ecostruxureit.com/download-and-set-upecostruxureit-gateway/ notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: EASYFIT + product: Eurotherm Data Reviewer cves: cve-2021-4104: investigated: false @@ -1489,7 +1490,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - V3.0.2 and prior fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1509,7 +1510,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: Ecoreal XL + product: Facility Expert Small Business cves: cve-2021-4104: investigated: false @@ -1518,9 +1519,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Current software and earlier - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -1539,7 +1540,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: Eurotherm Data Reviewer + product: MSE cves: cve-2021-4104: investigated: false @@ -1549,7 +1550,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - V3.0.2 and prior + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1569,7 +1570,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: MSE + product: NetBotz750/755 cves: cve-2021-4104: investigated: false @@ -1579,7 +1580,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - Software versions 5.0 through 5.3.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1599,7 +1600,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: NetBotz750/755 + product: NEW630 cves: cve-2021-4104: investigated: false @@ -1609,7 +1610,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Software versions 5.0 through 5.3.0 + - Current software and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1629,7 +1630,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: NEW630 + product: SDK BOM cves: cve-2021-4104: investigated: false @@ -1659,7 +1660,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SDK BOM + product: SDK-Docgen cves: cve-2021-4104: investigated: false @@ -1689,7 +1690,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SDK-Docgen + product: SDK-TNC cves: cve-2021-4104: investigated: false @@ -1719,7 +1720,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SDK-TNC + product: SDK-UMS cves: cve-2021-4104: investigated: false @@ -1749,7 +1750,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SDK-UMS + product: SDK3D2DRenderer cves: cve-2021-4104: investigated: false @@ -1779,7 +1780,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SDK3D2DRenderer + product: SDK3D360Widget cves: cve-2021-4104: investigated: false @@ -1809,7 +1810,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SDK3D360Widget + product: Select and Config DATA cves: cve-2021-4104: investigated: false @@ -1839,7 +1840,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: Select and Config DATA + product: SNC-API cves: cve-2021-4104: investigated: false @@ -1869,7 +1870,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SNC-API + product: SNC-CMM cves: cve-2021-4104: investigated: false @@ -1899,7 +1900,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SNC-CMM + product: SNCSEMTECH cves: cve-2021-4104: investigated: false @@ -1929,7 +1930,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SNCSEMTECH + product: SPIMV3 cves: cve-2021-4104: investigated: false @@ -1959,7 +1960,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SPIMV3 + product: SWBEditor cves: cve-2021-4104: investigated: false @@ -1989,7 +1990,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SWBEditor + product: SWBEngine cves: cve-2021-4104: investigated: false @@ -2019,7 +2020,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Schneider Electric - product: SWBEngine + product: Wiser by SE platform cves: cve-2021-4104: investigated: false @@ -2028,9 +2029,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Current software and earlier - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -2042,8 +2043,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + vendor_links: [] notes: '' references: - '' @@ -2252,7 +2252,7 @@ software: - '' last_updated: '2022-01-12T07:18:55+00:00' - vendor: Securonix - product: SNYPR Application + product: Extended Detection and Response (XDR) cves: cve-2021-4104: investigated: false @@ -2260,8 +2260,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2275,8 +2276,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-OnPrem-Customer-Update.pdf - notes: '' + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf + notes: Patching ongoing as of 12/10/2021 references: - '' last_updated: '2021-12-10T00:00:00' @@ -2311,7 +2312,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: Securonix - product: User and Entity Behavior Analytics(UEBA) + product: Security Analytics and Operations Platform (SOAR) cves: cve-2021-4104: investigated: false @@ -2341,7 +2342,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: Securonix - product: Security Analytics and Operations Platform (SOAR) + product: SNYPR Application cves: cve-2021-4104: investigated: false @@ -2349,9 +2350,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - All + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2365,13 +2365,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf - notes: Patching ongoing as of 12/10/2021 + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-OnPrem-Customer-Update.pdf + notes: '' references: - '' last_updated: '2021-12-10T00:00:00' - vendor: Securonix - product: Extended Detection and Response (XDR) + product: User and Entity Behavior Analytics(UEBA) cves: cve-2021-4104: investigated: false @@ -2906,7 +2906,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: DICOM Proxy VB10A + product: Cios Flow S1 / Alpha / Spin VA30 cves: cve-2021-4104: investigated: false @@ -2930,12 +2930,12 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + notes: evaluation ongoing references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: Somatom Scope Som5 VC50 + product: Cios Select FD/I.I. VA21 / VA21-S3P cves: cve-2021-4104: investigated: false @@ -2964,7 +2964,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: Somatom Emotion Som5 VC50 + product: DICOM Proxy VB10A cves: cve-2021-4104: investigated: false @@ -2988,7 +2988,7 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' last_updated: '2021-12-22T00:00:00' @@ -3546,7 +3546,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: Syngo Carbon Space VA10A / VA10A-CUT2 / VA20A + product: SENSIS DMCC / DMCM / TS / VM / PPWS / DS VD12A cves: cve-2021-4104: investigated: false @@ -3570,12 +3570,12 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + notes: evaluation ongoing references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: Syngo MobileViewer VA10A + product: Somatom Emotion Som5 VC50 cves: cve-2021-4104: investigated: false @@ -3599,13 +3599,12 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: The vulnerability will be patch/mitigated in upcoming releases\patches. + notes: evaluation ongoing references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: syngo Plaza VB20A / VB20A_HF01 - HF07 / VB30A / VB30A_HF01 / VB30A_HF02 - / VB30B / VB30C / VB30C_HF01 - HF06 / VB30C_HF91 + product: Somatom Scope Som5 VC50 cves: cve-2021-4104: investigated: false @@ -3629,13 +3628,12 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + notes: evaluation ongoing references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: syngo Workflow MLR VB37A / VB37A_HF01 / VB37A_HF02 / VB37B / VB37B_HF01 - - HF07 / VB37B_HF93 / VB37B_HF94 / VB37B_HF96 + product: Syngo Carbon Space VA10A / VA10A-CUT2 / VA20A cves: cve-2021-4104: investigated: false @@ -3659,15 +3657,12 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: Please contact your Customer Service to get support on mitigating the vulnerability. + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: syngo.via VB20A / VB20A_HF01 - HF08 / VB20A_HF91 / VB20B / VB30A / VB30A_HF01 - - VB30A_HF08 / VB30A_HF91VB30B / VB30B_HF01 / VB40A / VB40A_HF01 - HF02 /VB40B - / VB40B_HF01 - HF05 / VB50A / VB50A_CUT / VB50A_D4VB50B / VB50B_HF01 - HF03 - / VB60A / VB60A_CUT / VB60A_D4 / VB60A_HF01 + product: Syngo MobileViewer VA10A cves: cve-2021-4104: investigated: false @@ -3691,12 +3686,13 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + notes: The vulnerability will be patch/mitigated in upcoming releases\patches. references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: SENSIS DMCC / DMCM / TS / VM / PPWS / DS VD12A + product: syngo Plaza VB20A / VB20A_HF01 - HF07 / VB30A / VB30A_HF01 / VB30A_HF02 + / VB30B / VB30C / VB30C_HF01 - HF06 / VB30C_HF91 cves: cve-2021-4104: investigated: false @@ -3720,12 +3716,13 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: Cios Select FD/I.I. VA21 / VA21-S3P + product: syngo Workflow MLR VB37A / VB37A_HF01 / VB37A_HF02 / VB37B / VB37B_HF01 + - HF07 / VB37B_HF93 / VB37B_HF94 / VB37B_HF96 cves: cve-2021-4104: investigated: false @@ -3749,12 +3746,15 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + notes: Please contact your Customer Service to get support on mitigating the vulnerability. references: - '' last_updated: '2021-12-22T00:00:00' - vendor: Siemens Healthineers - product: Cios Flow S1 / Alpha / Spin VA30 + product: syngo.via VB20A / VB20A_HF01 - HF08 / VB20A_HF91 / VB20B / VB30A / VB30A_HF01 + - VB30A_HF08 / VB30A_HF91VB30B / VB30B_HF01 / VB40A / VB40A_HF01 - HF02 /VB40B + / VB40B_HF01 - HF05 / VB50A / VB50A_CUT / VB50A_D4VB50B / VB50B_HF01 - HF03 + / VB60A / VB60A_CUT / VB60A_D4 / VB60A_HF01 cves: cve-2021-4104: investigated: false @@ -3778,7 +3778,7 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + notes: 'Workaround: remove the vulnerable class from the .jar file' references: - '' last_updated: '2021-12-22T00:00:00' @@ -3901,7 +3901,7 @@ software: - '' last_updated: '2022-01-12T07:18:55+00:00' - vendor: Sierra Wireless - product: AM/AMM servers + product: AirVantage and Octave cloud platforms cves: cve-2021-4104: investigated: false @@ -3925,12 +3925,13 @@ software: unaffected_versions: [] vendor_links: - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs - notes: '' + notes: These systems do not operate with the specific non-standard configuration + required for CVE-2021-25046 and hence were not vulnerable to it. references: - '' last_updated: '2022-01-05T00:00:00' - vendor: Sierra Wireless - product: AirVantage and Octave cloud platforms + product: AM/AMM servers cves: cve-2021-4104: investigated: false @@ -3954,8 +3955,7 @@ software: unaffected_versions: [] vendor_links: - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs - notes: These systems do not operate with the specific non-standard configuration - required for CVE-2021-25046 and hence were not vulnerable to it. + notes: '' references: - '' last_updated: '2022-01-05T00:00:00' @@ -4283,8 +4283,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Snakemake - product: Snakemake + - vendor: Sn0m + product: '' cves: cve-2021-4104: investigated: false @@ -4292,11 +4292,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 6.12.1 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4308,13 +4307,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://snakemake.readthedocs.io/en/stable/ + - https://www.snom.com/en/press/log4j-poses-no-threat-snom-phones/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Sn0m - product: '' + last_updated: '2022-01-12T07:18:55+00:00' + - vendor: Snakemake + product: Snakemake cves: cve-2021-4104: investigated: false @@ -4322,10 +4321,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 6.12.1 cve-2021-45046: investigated: false affected_versions: [] @@ -4337,11 +4337,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.snom.com/en/press/log4j-poses-no-threat-snom-phones/ + - https://snakemake.readthedocs.io/en/stable/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2021-12-21T00:00:00' - vendor: Snow Software product: Snow Commander cves: @@ -4645,7 +4645,7 @@ software: - '' last_updated: '2021-12-29T00:00:00' - vendor: SonicWall - product: Capture Client & Capture Client Portal + product: Access Points cves: cve-2021-4104: investigated: false @@ -4669,12 +4669,12 @@ software: unaffected_versions: [] vendor_links: - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the Capture Client. + notes: Log4j2 not used in the SonicWall Access Points references: - '' last_updated: '2021-12-12T00:00:00' - vendor: SonicWall - product: Access Points + product: Analytics cves: cve-2021-4104: investigated: false @@ -4698,12 +4698,12 @@ software: unaffected_versions: [] vendor_links: - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the SonicWall Access Points + notes: Under Review references: - '' last_updated: '2021-12-12T00:00:00' - vendor: SonicWall - product: Analytics + product: Analyzer cves: cve-2021-4104: investigated: false @@ -4732,7 +4732,7 @@ software: - '' last_updated: '2021-12-12T00:00:00' - vendor: SonicWall - product: Analyzer + product: Capture Client & Capture Client Portal cves: cve-2021-4104: investigated: false @@ -4756,7 +4756,7 @@ software: unaffected_versions: [] vendor_links: - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + notes: Log4j2 not used in the Capture Client. references: - '' last_updated: '2021-12-12T00:00:00' @@ -5553,7 +5553,7 @@ software: - '' last_updated: '2022-01-12T07:18:55+00:00' - vendor: Spacelabs Healthcare - product: XprezzNet + product: ABP cves: cve-2021-4104: investigated: false @@ -5565,7 +5565,9 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '96190' + - OnTrak + - 90217A + - and 90207 cve-2021-45046: investigated: false affected_versions: [] @@ -5583,7 +5585,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Intesys Clinical Suite (ICS) + product: CardioExpress cves: cve-2021-4104: investigated: false @@ -5591,10 +5593,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - SL6A + - SL12A + - and SL18A cve-2021-45046: investigated: false affected_versions: [] @@ -5612,7 +5617,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Intesys Clinical Suite (ICS) Clinical Access Workstations + product: DM3 and DM4 Monitors cves: cve-2021-4104: investigated: false @@ -5641,7 +5646,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Xhibit Telemetry Receiver (XTR) + product: Eclipse Pro cves: cve-2021-4104: investigated: false @@ -5649,11 +5654,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '96280' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5671,7 +5675,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Xhibit, XC4 + product: EVO cves: cve-2021-4104: investigated: false @@ -5679,12 +5683,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Xhibit 96102 - - XC4 96501 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5702,7 +5704,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Xprezzon + product: Intesys Clinical Suite (ICS) cves: cve-2021-4104: investigated: false @@ -5710,11 +5712,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '91393' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5732,7 +5733,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Qube + product: Intesys Clinical Suite (ICS) Clinical Access Workstations cves: cve-2021-4104: investigated: false @@ -5740,11 +5741,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '91390' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5762,7 +5762,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Qube Mini + product: Lifescreen Pro cves: cve-2021-4104: investigated: false @@ -5770,11 +5770,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '91389' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5792,7 +5791,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Ultraview SL + product: Pathfinder SL cves: cve-2021-4104: investigated: false @@ -5800,14 +5799,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '91367' - - '91369' - - '91370' - - and 91387 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5825,7 +5820,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: DM3 and DM4 Monitors + product: Qube cves: cve-2021-4104: investigated: false @@ -5833,10 +5828,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '91390' cve-2021-45046: investigated: false affected_versions: [] @@ -5854,7 +5850,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Sentinel + product: Qube Mini cves: cve-2021-4104: investigated: false @@ -5862,10 +5858,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '91389' cve-2021-45046: investigated: false affected_versions: [] @@ -5883,7 +5880,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Pathfinder SL + product: SafeNSound cves: cve-2021-4104: investigated: false @@ -5891,9 +5888,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.3.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -5907,12 +5905,12 @@ software: unaffected_versions: [] vendor_links: - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ - notes: '' + notes: Version >4.3.1 - Not Affected references: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Lifescreen Pro + product: Sentinel cves: cve-2021-4104: investigated: false @@ -5941,7 +5939,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: EVO + product: Spacelabs Cloud cves: cve-2021-4104: investigated: false @@ -5970,7 +5968,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Eclipse Pro + product: Ultraview SL cves: cve-2021-4104: investigated: false @@ -5978,10 +5976,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '91367' + - '91369' + - '91370' + - and 91387 cve-2021-45046: investigated: false affected_versions: [] @@ -5999,7 +6001,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: CardioExpress + product: Xhibit Telemetry Receiver (XTR) cves: cve-2021-4104: investigated: false @@ -6011,9 +6013,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - SL6A - - SL12A - - and SL18A + - '96280' cve-2021-45046: investigated: false affected_versions: [] @@ -6031,7 +6031,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: ABP + product: Xhibit, XC4 cves: cve-2021-4104: investigated: false @@ -6043,9 +6043,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - OnTrak - - 90217A - - and 90207 + - Xhibit 96102 + - XC4 96501 cve-2021-45046: investigated: false affected_versions: [] @@ -6063,7 +6062,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: Spacelabs Cloud + product: XprezzNet cves: cve-2021-4104: investigated: false @@ -6071,10 +6070,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '96190' cve-2021-45046: investigated: false affected_versions: [] @@ -6092,7 +6092,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Spacelabs Healthcare - product: SafeNSound + product: Xprezzon cves: cve-2021-4104: investigated: false @@ -6102,9 +6102,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 4.3.1 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '91393' cve-2021-45046: investigated: false affected_versions: [] @@ -6117,7 +6117,7 @@ software: unaffected_versions: [] vendor_links: - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ - notes: Version >4.3.1 - Not Affected + notes: '' references: - '' last_updated: '2022-01-05T00:00:00' @@ -6180,7 +6180,7 @@ software: - '' last_updated: '2022-01-12T07:18:55+00:00' - vendor: Splunk - product: Splunk Add-On for Java Management Extensions [App ID 2647](https://splunkbase.splunk.com/app/2647) + product: Data Stream Processor cves: cve-2021-4104: investigated: false @@ -6190,7 +6190,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - 5.2.0 and older + - DSP 1.0.x + - DSP 1.1.x + - DSP 1.2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6210,7 +6212,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Splunk Add-On for JBoss [App ID 2954](https://splunkbase.splunk.com/app/2954/) + product: IT Essentials Work [App ID 5403](https://splunkbase.splunk.com/app/5403/) cves: cve-2021-4104: investigated: false @@ -6220,7 +6222,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - 3.0.0 and older + - '4.11' + - 4.10.x (Cloud only) + - 4.9.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6240,7 +6244,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Add-On for Tomcat [App ID 2911](https://splunkbase.splunk.com/app/2911/) + product: IT Service Intelligence (ITSI) [App ID 1841](https://splunkbase.splunk.com/app/1841/) cves: cve-2021-4104: investigated: false @@ -6250,7 +6254,13 @@ software: cve-2021-44228: investigated: true affected_versions: - - 3.0.0 and older + - 4.11.0 + - 4.10.x (Cloud only) + - 4.9.x + - 4.8.x (Cloud only) + - 4.7.x + - 4.6.x + - 4.5.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6270,7 +6280,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Data Stream Processor + product: Splunk Add-On for Java Management Extensions [App ID 2647](https://splunkbase.splunk.com/app/2647) cves: cve-2021-4104: investigated: false @@ -6280,9 +6290,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - DSP 1.0.x - - DSP 1.1.x - - DSP 1.2.x + - 5.2.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6302,7 +6310,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: IT Essentials Work [App ID 5403](https://splunkbase.splunk.com/app/5403/) + product: Splunk Add-On for Tomcat [App ID 2911](https://splunkbase.splunk.com/app/2911/) cves: cve-2021-4104: investigated: false @@ -6312,9 +6320,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '4.11' - - 4.10.x (Cloud only) - - 4.9.x + - 3.0.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6334,7 +6340,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: IT Service Intelligence (ITSI) [App ID 1841](https://splunkbase.splunk.com/app/1841/) + product: Splunk Application Performance Monitoring cves: cve-2021-4104: investigated: false @@ -6344,13 +6350,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 4.11.0 - - 4.10.x (Cloud only) - - 4.9.x - - 4.8.x (Cloud only) - - 4.7.x - - 4.6.x - - 4.5.x + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6492,7 +6492,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Logging Library for Java + product: Splunk Infrastructure Monitoring cves: cve-2021-4104: investigated: false @@ -6502,7 +6502,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 1.11.0 and older + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6522,7 +6522,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk OVA for VMWare [App ID 3216](https://splunkbase.splunk.com/app/3216/) + product: Splunk Log Observer cves: cve-2021-4104: investigated: false @@ -6532,7 +6532,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 4.0.3 and older + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6552,7 +6552,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk OVA for VMWare Metrics [App ID 5096](https://splunkbase.splunk.com/app/5096/) + product: Splunk Logging Library for Java cves: cve-2021-4104: investigated: false @@ -6562,7 +6562,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 4.2.1 and older + - 1.11.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6582,7 +6582,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk VMWare OVA for ITSI [App ID 4760](https://splunkbase.splunk.com/app/4760/) + product: Splunk On-call / VictorOps cves: cve-2021-4104: investigated: false @@ -6592,7 +6592,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 1.1.1 and older + - Current fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6612,7 +6612,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk On-call / VictorOps + product: Splunk OVA for VMWare [App ID 3216](https://splunkbase.splunk.com/app/3216/) cves: cve-2021-4104: investigated: false @@ -6622,7 +6622,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current + - 4.0.3 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6642,7 +6642,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Real User Monitoring + product: Splunk OVA for VMWare Metrics [App ID 5096](https://splunkbase.splunk.com/app/5096/) cves: cve-2021-4104: investigated: false @@ -6652,7 +6652,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current + - 4.2.1 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6672,7 +6672,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Application Performance Monitoring + product: Splunk Real User Monitoring cves: cve-2021-4104: investigated: false @@ -6702,7 +6702,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Infrastructure Monitoring + product: Splunk Splunk Add-On for JBoss [App ID 2954](https://splunkbase.splunk.com/app/2954/) cves: cve-2021-4104: investigated: false @@ -6712,7 +6712,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current + - 3.0.0 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6732,7 +6732,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Log Observer + product: Splunk Synthetics cves: cve-2021-4104: investigated: false @@ -6762,7 +6762,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk Synthetics + product: Splunk UBA OVA Software cves: cve-2021-4104: investigated: false @@ -6772,7 +6772,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current + - 5.0.3a + - 5.0.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6792,7 +6793,7 @@ software: - '' last_updated: '2021-12-30T08:20:00-08:00' - vendor: Splunk - product: Splunk UBA OVA Software + product: Splunk VMWare OVA for ITSI [App ID 4760](https://splunkbase.splunk.com/app/4760/) cves: cve-2021-4104: investigated: false @@ -6802,8 +6803,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 5.0.3a - - 5.0.0 + - 1.1.1 and older fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6998,7 +6998,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: DSD Edge + product: AMSCO 2000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -7027,7 +7027,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: EndoDry + product: AMSCO 3000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -7056,7 +7056,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: RapidAER + product: AMSCO 400 MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -7085,7 +7085,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Endora + product: AMSCO 400 SMALL STEAM STERILIZERS cves: cve-2021-4104: investigated: false @@ -7114,7 +7114,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Canexis 1.0 + product: AMSCO 5000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -7143,7 +7143,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: ConnectoHIS + product: AMSCO 600 MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -7172,7 +7172,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: ScopeBuddy+ + product: AMSCO 7000 SERIES WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -7201,7 +7201,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: DSD-201, + product: AMSCO CENTURY MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -7230,7 +7230,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: CER Optima + product: AMSCO CENTURY SMALL STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -7259,7 +7259,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Renatron + product: AMSCO EAGLE 3000 SERIES STAGE 3 STEAM STERILIZERS cves: cve-2021-4104: investigated: false @@ -7288,7 +7288,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: ConnectAssure Technology + product: AMSCO EVOLUTION FLOOR LOADER STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -7317,7 +7317,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: SPM Surgical Asset Tracking Software + product: AMSCO EVOLUTION MEDIUM STEAM STERILIZER cves: cve-2021-4104: investigated: false @@ -7346,7 +7346,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: CS-iQ Sterile Processing Workflow + product: Canexis 1.0 cves: cve-2021-4104: investigated: false @@ -7375,7 +7375,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 2000 SERIES WASHER DISINFECTORS + product: CELERITY HP INCUBATOR cves: cve-2021-4104: investigated: false @@ -7404,7 +7404,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 3000 SERIES WASHER DISINFECTORS + product: CELERITY STEAM INCUBATOR cves: cve-2021-4104: investigated: false @@ -7433,7 +7433,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 5000 SERIES WASHER DISINFECTORS + product: CER Optima cves: cve-2021-4104: investigated: false @@ -7462,7 +7462,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 7000 SERIES WASHER DISINFECTORS + product: Clarity Software cves: cve-2021-4104: investigated: false @@ -7491,7 +7491,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: RELIANCE 444 WASHER DISINFECTOR + product: Connect Software cves: cve-2021-4104: investigated: false @@ -7520,7 +7520,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: RELIANCE SYNERGY WASHER DISINFECTOR + product: ConnectAssure Technology cves: cve-2021-4104: investigated: false @@ -7549,7 +7549,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: RELIANCE VISION 1300 SERIES CART AND UTENSIL WASHER DISINFECTORS + product: ConnectoHIS cves: cve-2021-4104: investigated: false @@ -7578,7 +7578,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: RELIANCE VISION MULTI- CHAMBER WASHER DISINFECTOR + product: CS-iQ Sterile Processing Workflow cves: cve-2021-4104: investigated: false @@ -7607,7 +7607,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: RELIANCE VISION SINGLE CHAMBER WASHER DISINFECTOR + product: DSD Edge cves: cve-2021-4104: investigated: false @@ -7636,7 +7636,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 400 MEDIUM STEAM STERILIZER + product: DSD-201, cves: cve-2021-4104: investigated: false @@ -7665,7 +7665,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 400 SMALL STEAM STERILIZERS + product: EndoDry cves: cve-2021-4104: investigated: false @@ -7694,7 +7694,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO 600 MEDIUM STEAM STERILIZER + product: Endora cves: cve-2021-4104: investigated: false @@ -7723,7 +7723,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO CENTURY MEDIUM STEAM STERILIZER + product: Harmony iQ Integration Systems cves: cve-2021-4104: investigated: false @@ -7752,7 +7752,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO CENTURY SMALL STEAM STERILIZER + product: Harmony iQ Perspectives Image Management System cves: cve-2021-4104: investigated: false @@ -7781,7 +7781,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO EAGLE 3000 SERIES STAGE 3 STEAM STERILIZERS + product: HexaVue cves: cve-2021-4104: investigated: false @@ -7810,7 +7810,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO EVOLUTION FLOOR LOADER STEAM STERILIZER + product: HexaVue Integration System cves: cve-2021-4104: investigated: false @@ -7839,7 +7839,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: AMSCO EVOLUTION MEDIUM STEAM STERILIZER + product: IDSS Integration System cves: cve-2021-4104: investigated: false @@ -7868,7 +7868,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: CELERITY HP INCUBATOR + product: RapidAER cves: cve-2021-4104: investigated: false @@ -7897,7 +7897,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: CELERITY STEAM INCUBATOR + product: ReadyTracker cves: cve-2021-4104: investigated: false @@ -7926,7 +7926,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: VERIFY INCUBATOR FOR ASSERT SELF-CONTAINED BIOLOGICAL INDICATORS + product: RealView Visual Workflow Management System cves: cve-2021-4104: investigated: false @@ -7955,7 +7955,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: SYSTEM 1 endo LIQUID CHEMICAL STERILANT PROCESSING SYSTEM + product: RELIANCE 444 WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -7984,7 +7984,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: V-PRO 1 LOW TEMPERATURE STERILIZATION SYSTEM + product: RELIANCE SYNERGY WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -8013,7 +8013,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: V-PRO 1 PLUS LOW TEMPERATURE STERILIZATION SYSTEM + product: RELIANCE VISION 1300 SERIES CART AND UTENSIL WASHER DISINFECTORS cves: cve-2021-4104: investigated: false @@ -8042,7 +8042,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: V-PRO MAX 2 LOW TEMPERATURE STERILIZATION SYSTEM + product: RELIANCE VISION MULTI- CHAMBER WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -8071,7 +8071,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: V-PRO MAX LOW TEMPERATURE STERILIZATION SYSTEM + product: RELIANCE VISION SINGLE CHAMBER WASHER DISINFECTOR cves: cve-2021-4104: investigated: false @@ -8100,7 +8100,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: V-PRO S2 LOW TEMPERATURE STERILIZATION SYSTEM + product: Renatron cves: cve-2021-4104: investigated: false @@ -8129,7 +8129,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: SecureCare ProConnect Technical Support Services + product: ScopeBuddy+ cves: cve-2021-4104: investigated: false @@ -8158,7 +8158,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: HexaVue Integration System + product: SecureCare ProConnect Technical Support Services cves: cve-2021-4104: investigated: false @@ -8187,7 +8187,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: IDSS Integration System + product: Situational Awareness for Everyone Display (S.A.F.E.) cves: cve-2021-4104: investigated: false @@ -8216,7 +8216,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Harmony iQ Integration Systems + product: SPM Surgical Asset Tracking Software cves: cve-2021-4104: investigated: false @@ -8245,7 +8245,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: HexaVue + product: SYSTEM 1 endo LIQUID CHEMICAL STERILANT PROCESSING SYSTEM cves: cve-2021-4104: investigated: false @@ -8274,7 +8274,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Connect Software + product: V-PRO 1 LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -8303,7 +8303,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Harmony iQ Perspectives Image Management System + product: V-PRO 1 PLUS LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -8332,7 +8332,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Clarity Software + product: V-PRO MAX 2 LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -8361,7 +8361,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: Situational Awareness for Everyone Display (S.A.F.E.) + product: V-PRO MAX LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -8390,7 +8390,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: RealView Visual Workflow Management System + product: V-PRO S2 LOW TEMPERATURE STERILIZATION SYSTEM cves: cve-2021-4104: investigated: false @@ -8419,7 +8419,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: STERIS - product: ReadyTracker + product: VERIFY INCUBATOR FOR ASSERT SELF-CONTAINED BIOLOGICAL INDICATORS cves: cve-2021-4104: investigated: false diff --git a/data/cisagov_T.yml b/data/cisagov_T.yml index ff7a99e..de948b6 100644 --- a/data/cisagov_T.yml +++ b/data/cisagov_T.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: Tableau - product: Tableau Server + product: Tableau Bridge cves: cve-2021-4104: investigated: false @@ -15,19 +15,19 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'The following versions and lower: 2021.4' - - 2021.3.4 - - 2021.2.5 - - 2021.1.8 - - 2020.4.11 - - 2020.3.14 - - 2020.2.19 - - 2020.1.22 - - 2019.4.25 - - 2019.3.26 - - 2019.2.29 - - 2019.1.29 - - 2018.3.29 + - 'The following versions and lower: 20214.21.1109.1748' + - 20213.21.1112.1434 + - 20212.21.0818.1843 + - 20211.21.0617.1133 + - 20204.21.0217.1203 + - 20203.20.0913.2112 + - 20202.20.0721.1350 + - 20201.20.0614.2321 + - 20194.20.0614.2307 + - 20193.20.0614.2306 + - 20192.19.0917.1648 + - 20191.19.0402.1911 + - 20183.19.0115.1143 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -191,7 +191,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Tableau - product: Tableau Bridge + product: Tableau Server cves: cve-2021-4104: investigated: false @@ -201,19 +201,19 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'The following versions and lower: 20214.21.1109.1748' - - 20213.21.1112.1434 - - 20212.21.0818.1843 - - 20211.21.0617.1133 - - 20204.21.0217.1203 - - 20203.20.0913.2112 - - 20202.20.0721.1350 - - 20201.20.0614.2321 - - 20194.20.0614.2307 - - 20193.20.0614.2306 - - 20192.19.0917.1648 - - 20191.19.0402.1911 - - 20183.19.0115.1143 + - 'The following versions and lower: 2021.4' + - 2021.3.4 + - 2021.2.5 + - 2021.1.8 + - 2020.4.11 + - 2020.3.14 + - 2020.2.19 + - 2020.1.22 + - 2019.4.25 + - 2019.3.26 + - 2019.2.29 + - 2019.1.29 + - 2018.3.29 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -557,7 +557,7 @@ software: - '' last_updated: '2022-01-12T07:18:56+00:00' - vendor: Thales - product: CipherTrust Application Data Protection (CADP) – CAPI.net & Net Core + product: CADP/SafeNet Protect App (PA) - JCE cves: cve-2021-4104: investigated: false @@ -586,7 +586,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Cloud Key Manager (CCKM) Embedded + product: CipherTrust Application Data Protection (CADP) – CAPI.net & Net Core cves: cve-2021-4104: investigated: false @@ -615,7 +615,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Database Protection + product: CipherTrust Batch Data Transformation (BDT) 2.3 cves: cve-2021-4104: investigated: false @@ -644,7 +644,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Manager + product: CipherTrust Cloud Key Manager (CCKM) Appliance cves: cve-2021-4104: investigated: false @@ -673,7 +673,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Transparent Encryption (CTE/VTE/CTE-U) + product: CipherTrust Cloud Key Manager (CCKM) Embedded cves: cve-2021-4104: investigated: false @@ -702,7 +702,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Vaultless Tokenization (CTS, CT-VL) + product: CipherTrust Database Protection cves: cve-2021-4104: investigated: false @@ -731,7 +731,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Data Protection on Demand + product: CipherTrust Manager cves: cve-2021-4104: investigated: false @@ -760,7 +760,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Data Security Manager (DSM) + product: CipherTrust Transparent Encryption (CTE/VTE/CTE-U) cves: cve-2021-4104: investigated: false @@ -789,7 +789,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: KeySecure + product: CipherTrust Vaulted Tokenization (CT-V) / SafeNet Tokenization Manager cves: cve-2021-4104: investigated: false @@ -818,7 +818,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Luna EFT + product: CipherTrust Vaultless Tokenization (CTS, CT-VL) cves: cve-2021-4104: investigated: false @@ -847,7 +847,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Luna Network, PCIe, Luna USB HSM and backup devices + product: CipherTrust/SafeNet PDBCTL cves: cve-2021-4104: investigated: false @@ -876,7 +876,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Luna SP + product: Crypto Command Center (CCC) cves: cve-2021-4104: investigated: false @@ -905,7 +905,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: ProtectServer HSMs + product: Data Protection on Demand cves: cve-2021-4104: investigated: false @@ -934,7 +934,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet Authentication Client + product: Data Security Manager (DSM) cves: cve-2021-4104: investigated: false @@ -963,7 +963,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet IDPrime Virtual + product: KeySecure cves: cve-2021-4104: investigated: false @@ -992,7 +992,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet eToken (all products) + product: Luna EFT cves: cve-2021-4104: investigated: false @@ -1021,7 +1021,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet IDPrime(all products) + product: Luna Network, PCIe, Luna USB HSM and backup devices cves: cve-2021-4104: investigated: false @@ -1050,7 +1050,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet LUKS + product: Luna SP cves: cve-2021-4104: investigated: false @@ -1079,7 +1079,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet ProtectApp (PA) CAPI, .Net & Net Core + product: payShield Monitor cves: cve-2021-4104: investigated: false @@ -1108,7 +1108,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet ProtectDB (PDB) + product: ProtectServer HSMs cves: cve-2021-4104: investigated: false @@ -1137,7 +1137,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet ProtectV + product: SafeNet Authentication Client cves: cve-2021-4104: investigated: false @@ -1166,7 +1166,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Safenet ProtectFile and ProtectFile- Fuse + product: SafeNet eToken (all products) cves: cve-2021-4104: investigated: false @@ -1195,7 +1195,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet Transform Utility (TU) + product: SafeNet IDPrime Virtual cves: cve-2021-4104: investigated: false @@ -1224,7 +1224,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet Trusted Access (STA) + product: SafeNet IDPrime(all products) cves: cve-2021-4104: investigated: false @@ -1253,7 +1253,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet PKCS#11 and TDE + product: SafeNet LUKS cves: cve-2021-4104: investigated: false @@ -1282,7 +1282,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet SQL EKM + product: SafeNet PKCS#11 and TDE cves: cve-2021-4104: investigated: false @@ -1311,7 +1311,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SAS on Prem (SPE/PCE) + product: SafeNet ProtectApp (PA) CAPI, .Net & Net Core cves: cve-2021-4104: investigated: false @@ -1340,7 +1340,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel EMS Enterprise OnPremise + product: SafeNet ProtectDB (PDB) cves: cve-2021-4104: investigated: false @@ -1369,7 +1369,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel ESDaaS + product: Safenet ProtectFile and ProtectFile- Fuse cves: cve-2021-4104: investigated: false @@ -1398,7 +1398,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel Up + product: SafeNet ProtectV cves: cve-2021-4104: investigated: false @@ -1427,7 +1427,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel RMS + product: SafeNet SQL EKM cves: cve-2021-4104: investigated: false @@ -1456,7 +1456,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel Connect + product: SafeNet Transform Utility (TU) cves: cve-2021-4104: investigated: false @@ -1485,7 +1485,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel Superdog, SuperPro, UltraPro, SHK + product: SafeNet Trusted Access (STA) cves: cve-2021-4104: investigated: false @@ -1514,7 +1514,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel HASP, Legacy dog, Maze, Hardlock + product: SafeNet Vaultless Tokenization cves: cve-2021-4104: investigated: false @@ -1543,7 +1543,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel Envelope + product: SAS on Prem (SPE/PCE) cves: cve-2021-4104: investigated: false @@ -1572,7 +1572,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Thales payShield 9000 + product: Sentinel Connect cves: cve-2021-4104: investigated: false @@ -1601,7 +1601,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Thales payShield 10k + product: Sentinel EMS Enterprise aaS cves: cve-2021-4104: investigated: false @@ -1630,7 +1630,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Thales payShield Manager + product: Sentinel EMS Enterprise OnPremise cves: cve-2021-4104: investigated: false @@ -1659,7 +1659,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Vormetirc Key Manager (VKM) + product: Sentinel Envelope cves: cve-2021-4104: investigated: false @@ -1688,7 +1688,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Vormetric Application Encryption (VAE) + product: Sentinel ESDaaS cves: cve-2021-4104: investigated: false @@ -1717,7 +1717,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Vormetric Protection for Terradata Database (VPTD) + product: Sentinel HASP, Legacy dog, Maze, Hardlock cves: cve-2021-4104: investigated: false @@ -1746,7 +1746,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Vormetric Tokenization Server (VTS) + product: Sentinel LDK EMS (LDK-EMS) cves: cve-2021-4104: investigated: false @@ -1775,7 +1775,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: payShield Monitor + product: Sentinel LDKaas (LDK-EMS) cves: cve-2021-4104: investigated: false @@ -1804,7 +1804,8 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CADP/SafeNet Protect App (PA) - JCE + product: Sentinel Professional Services components (both Thales hosted & hosted + on-premises by customers) cves: cve-2021-4104: investigated: false @@ -1833,7 +1834,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Batch Data Transformation (BDT) 2.3 + product: Sentinel RMS cves: cve-2021-4104: investigated: false @@ -1862,7 +1863,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Cloud Key Manager (CCKM) Appliance + product: Sentinel SCL cves: cve-2021-4104: investigated: false @@ -1891,7 +1892,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust Vaulted Tokenization (CT-V) / SafeNet Tokenization Manager + product: Sentinel Superdog, SuperPro, UltraPro, SHK cves: cve-2021-4104: investigated: false @@ -1920,7 +1921,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: CipherTrust/SafeNet PDBCTL + product: Sentinel Up cves: cve-2021-4104: investigated: false @@ -1949,7 +1950,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Crypto Command Center (CCC) + product: Thales Data Platform (TDP)(DDC) cves: cve-2021-4104: investigated: false @@ -1978,7 +1979,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: SafeNet Vaultless Tokenization + product: Thales payShield 10k cves: cve-2021-4104: investigated: false @@ -2007,7 +2008,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel LDK EMS (LDK-EMS) + product: Thales payShield 9000 cves: cve-2021-4104: investigated: false @@ -2036,7 +2037,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel LDKaas (LDK-EMS) + product: Thales payShield Manager cves: cve-2021-4104: investigated: false @@ -2065,7 +2066,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel EMS Enterprise aaS + product: Vormetirc Key Manager (VKM) cves: cve-2021-4104: investigated: false @@ -2094,8 +2095,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel Professional Services components (both Thales hosted & hosted - on-premises by customers) + product: Vormetric Application Encryption (VAE) cves: cve-2021-4104: investigated: false @@ -2124,7 +2124,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Sentinel SCL + product: Vormetric Protection for Terradata Database (VPTD) cves: cve-2021-4104: investigated: false @@ -2153,7 +2153,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Thales - product: Thales Data Platform (TDP)(DDC) + product: Vormetric Tokenization Server (VTS) cves: cve-2021-4104: investigated: false @@ -2181,8 +2181,8 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Thermo-Calc - product: Thermo-Calc + - vendor: Thermo Fisher Scientific + product: '' cves: cve-2021-4104: investigated: false @@ -2190,11 +2190,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 2022a + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2206,8 +2205,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal, Install the 2022a patch when available + - https://corporate.thermofisher.com/us/en/index/about/information-security/Protecting-Our-Products.html + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' @@ -2224,7 +2223,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2021b + - 2022a cve-2021-45046: investigated: false affected_versions: [] @@ -2237,7 +2236,7 @@ software: unaffected_versions: [] vendor_links: - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal + notes: Use the program as normal, Install the 2022a patch when available references: - '' last_updated: '2021-12-22T00:00:00' @@ -2254,7 +2253,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2018b to 2021a + - 2021b cve-2021-45046: investigated: false affected_versions: [] @@ -2267,8 +2266,7 @@ software: unaffected_versions: [] vendor_links: - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal, delete the Log4j 2 files in the program installation - if required, see advisory for instructions. + notes: Use the program as normal references: - '' last_updated: '2021-12-22T00:00:00' @@ -2285,7 +2283,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2018a and earlier + - 2018b to 2021a cve-2021-45046: investigated: false affected_versions: [] @@ -2298,12 +2296,13 @@ software: unaffected_versions: [] vendor_links: - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ - notes: Use the program as normal + notes: Use the program as normal, delete the Log4j 2 files in the program installation + if required, see advisory for instructions. references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Thermo Fisher Scientific - product: '' + - vendor: Thermo-Calc + product: Thermo-Calc cves: cve-2021-4104: investigated: false @@ -2311,10 +2310,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2018a and earlier cve-2021-45046: investigated: false affected_versions: [] @@ -2326,8 +2326,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://corporate.thermofisher.com/us/en/index/about/information-security/Protecting-Our-Products.html - notes: '' + - https://thermocalc.com/blog/thermo-calc-response-to-apache-log4j-2-vulnerability/ + notes: Use the program as normal references: - '' last_updated: '2021-12-22T00:00:00' @@ -2393,7 +2393,7 @@ software: - '' last_updated: '2022-01-12T07:18:56+00:00' - vendor: ThycoticCentrify - product: Secret Server + product: Account Lifecycle Manager cves: cve-2021-4104: investigated: false @@ -2423,7 +2423,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: ThycoticCentrify - product: Privilege Manager + product: Cloud Suite cves: cve-2021-4104: investigated: false @@ -2453,7 +2453,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: ThycoticCentrify - product: Account Lifecycle Manager + product: Connection Manager cves: cve-2021-4104: investigated: false @@ -2483,7 +2483,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: ThycoticCentrify - product: Privileged Behavior Analytics + product: DevOps Secrets Vault cves: cve-2021-4104: investigated: false @@ -2513,7 +2513,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: ThycoticCentrify - product: DevOps Secrets Vault + product: Password Reset Server cves: cve-2021-4104: investigated: false @@ -2543,7 +2543,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: ThycoticCentrify - product: Connection Manager + product: Privilege Manager cves: cve-2021-4104: investigated: false @@ -2573,7 +2573,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: ThycoticCentrify - product: Password Reset Server + product: Privileged Behavior Analytics cves: cve-2021-4104: investigated: false @@ -2603,7 +2603,7 @@ software: - '' last_updated: '2021-12-10T00:00:00' - vendor: ThycoticCentrify - product: Cloud Suite + product: Secret Server cves: cve-2021-4104: investigated: false @@ -2952,13 +2952,13 @@ software: unaffected_versions: [] vendor_links: - https://docs.niagara-community.com/bundle/TechBulletin2021/resource/Dec_13_2021_NiagaraNotExposed_Apache_log4j.pdf - notes: Document access requires authentication. CISA is not able to validate vulnerability status. + notes: Document access requires authentication. CISA is not able to validate vulnerability + status. references: - '' last_updated: '2022-01-19T00:00:00' - - vendor: Tripp Lite - product: LX Platform devices (includes WEBCARDLX, WEBCARDLXMINI, SRCOOLNETLX, - SRCOOLNET2LX and devices with pre-installed or embedded WEBCARDLX interfaces) + - vendor: Trimble + product: eCognition cves: cve-2021-4104: investigated: false @@ -2966,8 +2966,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 10.2.0 Build 4618 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2980,15 +2981,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: '' + vendor_links: [] + notes: Remediation steps provided by Trimble references: - '' - last_updated: '2022-01-04T00:00:00' + last_updated: '2021-12-23T00:00:00' - vendor: Tripp Lite - product: SNMPWEBCARD, SRCOOLNET, SRCOOLNET2 and devices with pre-installed or - embedded SNMPWEBCARD + product: LX Platform devices (includes WEBCARDLX, WEBCARDLXMINI, SRCOOLNETLX, + SRCOOLNET2LX and devices with pre-installed or embedded WEBCARDLX interfaces) cves: cve-2021-4104: investigated: false @@ -3047,7 +3047,7 @@ software: - '' last_updated: '2022-01-04T00:00:00' - vendor: Tripp Lite - product: PowerAlert Network Shutdown Agent (PANSA) + product: PowerAlert Network Management System (PANMS) cves: cve-2021-4104: investigated: false @@ -3071,13 +3071,13 @@ software: unaffected_versions: [] vendor_links: - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: Some versions of PANSA use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 + notes: Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 vulnerability. references: - '' last_updated: '2022-01-04T00:00:00' - vendor: Tripp Lite - product: PowerAlert Network Management System (PANMS) + product: PowerAlert Network Shutdown Agent (PANSA) cves: cve-2021-4104: investigated: false @@ -3101,13 +3101,13 @@ software: unaffected_versions: [] vendor_links: - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: Some versions of PAL use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 + notes: Some versions of PANSA use log4j v1 which is NOT AFFECTED by the CVE-2021-44228 vulnerability. references: - '' last_updated: '2022-01-04T00:00:00' - vendor: Tripp Lite - product: TLNETCARD and associated software + product: PowerAlertElement Manager (PAEM) cves: cve-2021-4104: investigated: false @@ -3115,8 +3115,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 1.0.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3131,12 +3132,14 @@ software: unaffected_versions: [] vendor_links: - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: '' + notes: Tripp Lite will soon be issuing a patch in the form of PAEM 1.0.1 which + will contain a patched version of Log4j2 references: - '' last_updated: '2022-01-04T00:00:00' - vendor: Tripp Lite - product: PowerAlertElement Manager (PAEM) + product: SNMPWEBCARD, SRCOOLNET, SRCOOLNET2 and devices with pre-installed or + embedded SNMPWEBCARD cves: cve-2021-4104: investigated: false @@ -3144,9 +3147,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 1.0.0 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3161,13 +3163,12 @@ software: unaffected_versions: [] vendor_links: - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf - notes: Tripp Lite will soon be issuing a patch in the form of PAEM 1.0.1 which - will contain a patched version of Log4j2 + notes: '' references: - '' last_updated: '2022-01-04T00:00:00' - - vendor: Tripwire - product: '' + - vendor: Tripp Lite + product: TLNETCARD and associated software cves: cve-2021-4104: investigated: false @@ -3190,13 +3191,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.tripwire.com/log4j + - https://assets.tripplite.com/software-support/log4j2-vulnerability.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Trimble - product: eCognition + last_updated: '2022-01-04T00:00:00' + - vendor: Tripwire + product: '' cves: cve-2021-4104: investigated: false @@ -3204,9 +3205,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 10.2.0 Build 4618 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3219,11 +3219,12 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: Remediation steps provided by Trimble + vendor_links: + - https://www.tripwire.com/log4j + notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' + last_updated: '2022-01-12T07:18:56+00:00' - vendor: TrueNAS product: '' cves: diff --git a/data/cisagov_U.yml b/data/cisagov_U.yml index 7240ee1..0ce28f2 100644 --- a/data/cisagov_U.yml +++ b/data/cisagov_U.yml @@ -94,8 +94,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Umbraco - product: '' + - vendor: UiPath + product: InSights cves: cve-2021-4104: investigated: false @@ -103,8 +103,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '20.10' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -118,12 +119,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://umbraco.com/blog/security-advisory-december-15-2021-umbraco-cms-and-cloud-not-affected-by-cve-2021-44228-log4j-rce-0-day-mitigation/ + - https://www.uipath.com/legal/trust-and-security/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' - - vendor: UniFlow + last_updated: '2021-12-15T00:00:00' + - vendor: Umbraco product: '' cves: cve-2021-4104: @@ -147,12 +148,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.uniflow.global/en/security/security-and-maintenance/ + - https://umbraco.com/blog/security-advisory-december-15-2021-umbraco-cms-and-cloud-not-affected-by-cve-2021-44228-log4j-rce-0-day-mitigation/ notes: '' references: - '' last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Unify ATOS + - vendor: UniFlow product: '' cves: cve-2021-4104: @@ -176,12 +177,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://networks.unify.com/security/advisories/OBSO-2112-01.pdf + - https://www.uniflow.global/en/security/security-and-maintenance/ notes: '' references: - '' last_updated: '2022-01-12T07:18:56+00:00' - - vendor: Unimus + - vendor: Unify ATOS product: '' cves: cve-2021-4104: @@ -205,13 +206,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.unimus.net/viewtopic.php?f=7&t=1390#top + - https://networks.unify.com/security/advisories/OBSO-2112-01.pdf notes: '' references: - '' last_updated: '2022-01-12T07:18:56+00:00' - - vendor: UiPath - product: InSights + - vendor: Unimus + product: '' cves: cve-2021-4104: investigated: false @@ -219,9 +220,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '20.10' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -235,11 +235,11 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.uipath.com/legal/trust-and-security/cve-2021-44228 + - https://forum.unimus.net/viewtopic.php?f=7&t=1390#top notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:56+00:00' - vendor: USSIGNAL MSP product: '' cves: diff --git a/data/cisagov_V.yml b/data/cisagov_V.yml index 4d2e58d..9594d23 100644 --- a/data/cisagov_V.yml +++ b/data/cisagov_V.yml @@ -4,35 +4,6 @@ owners: - name: cisagov url: https://github.com/cisagov/log4j-affected-db software: - - vendor: VArmour - product: '' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:56+00:00' - vendor: Varian product: Acuity cves: @@ -64,7 +35,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: DITC + product: ARIA Connect (Cloverleaf) cves: cve-2021-4104: investigated: false @@ -72,11 +43,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -94,7 +65,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: ARIA Connect (Cloverleaf) + product: ARIA eDOC cves: cve-2021-4104: investigated: false @@ -154,7 +125,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: XMediusFax for ARIA oncology information system for Medical Oncology + product: ARIA oncology information system for Radiation Oncology cves: cve-2021-4104: investigated: false @@ -162,11 +133,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -184,7 +155,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: ARIA oncology information system for Radiation Oncology + product: ARIA Radiation Therapy Management System (RTM) cves: cve-2021-4104: investigated: false @@ -214,7 +185,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: ARIA eDOC + product: Bravos Console cves: cve-2021-4104: investigated: false @@ -244,7 +215,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: XMediusFax for ARIA oncology information system for Radiation Oncology + product: Clinac cves: cve-2021-4104: investigated: false @@ -274,37 +245,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: ARIA Radiation Therapy Management System (RTM) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Varian - product: Bravos Console + product: Cloud Planner cves: cve-2021-4104: investigated: false @@ -334,7 +275,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Clinac + product: DITC cves: cve-2021-4104: investigated: false @@ -364,7 +305,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Cloud Planner + product: DoseLab cves: cve-2021-4104: investigated: false @@ -394,7 +335,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: DoseLab + product: Eclipse treatment planning software cves: cve-2021-4104: investigated: false @@ -424,7 +365,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Eclipse treatment planning software + product: ePeerReview cves: cve-2021-4104: investigated: false @@ -432,11 +373,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + investigated: false + affected_versions: - All + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -454,7 +395,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: ePeerReview + product: Ethos cves: cve-2021-4104: investigated: false @@ -462,11 +403,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -484,7 +425,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Ethos + product: FullScale oncology IT solutions cves: cve-2021-4104: investigated: false @@ -492,11 +433,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + investigated: false + affected_versions: - All + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -514,7 +455,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: FullScale oncology IT solutions + product: Halcyon system cves: cve-2021-4104: investigated: false @@ -544,7 +485,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Halcyon system + product: ICAP cves: cve-2021-4104: investigated: false @@ -552,11 +493,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -694,7 +635,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: ICAP + product: Mobius3D platform cves: cve-2021-4104: investigated: false @@ -724,7 +665,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Mobius3D platform + product: PaaS cves: cve-2021-4104: investigated: false @@ -934,7 +875,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: PaaS + product: TrueBeam radiotherapy system cves: cve-2021-4104: investigated: false @@ -964,7 +905,37 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: TrueBeam radiotherapy system + product: UNIQUE system + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.varian.com/resources-support/services/cybersecurity-varian/java-log4j-vulnerabilities + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Varian + product: Varian Authentication and Identity Server (VAIS) cves: cve-2021-4104: investigated: false @@ -994,7 +965,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: UNIQUE system + product: Varian Managed Services Cloud cves: cve-2021-4104: investigated: false @@ -1024,7 +995,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Varian Authentication and Identity Server (VAIS) + product: Varian Mobile App cves: cve-2021-4104: investigated: false @@ -1036,7 +1007,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '2.0' + - '2.5' cve-2021-45046: investigated: false affected_versions: [] @@ -1054,7 +1026,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Varian Managed Services Cloud + product: VariSeed cves: cve-2021-4104: investigated: false @@ -1062,11 +1034,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - All + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1084,7 +1056,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Varian Mobile App + product: Velocity cves: cve-2021-4104: investigated: false @@ -1096,8 +1068,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '2.0' - - '2.5' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1115,7 +1086,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: VariSeed + product: VitalBeam radiotherapy system cves: cve-2021-4104: investigated: false @@ -1145,7 +1116,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Velocity + product: Vitesse cves: cve-2021-4104: investigated: false @@ -1175,7 +1146,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: VitalBeam radiotherapy system + product: XMediusFax for ARIA oncology information system for Medical Oncology cves: cve-2021-4104: investigated: false @@ -1183,11 +1154,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + investigated: false + affected_versions: - All + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1205,7 +1176,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Varian - product: Vitesse + product: XMediusFax for ARIA oncology information system for Radiation Oncology cves: cve-2021-4104: investigated: false @@ -1213,11 +1184,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + investigated: false + affected_versions: - All + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1234,6 +1205,35 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' + - vendor: VArmour + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.varmour.com/hc/en-us/articles/4416396248717-Log4j2-Emergency-Configuration-Change-for-Critical-Auth-Free-Code-Execution-in-Logging-Utility + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:56+00:00' - vendor: Varnish Software product: '' cves: @@ -1421,7 +1421,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -1678,6 +1678,71 @@ software: references: - '' last_updated: '2021-12-12T00:00:00' + - vendor: VMware + product: vCenter Server - OVA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 7.x + - 6.7.x + - 6.5.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + notes: '[Workaround @ KB87081 (vmware.com)](https://kb.vmware.com/s/article/87081 + )' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: VMware + product: vCenter Server - Windows + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 6.7.x + - 6.5.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.vmware.com/security/advisories/VMSA-2021-0028.html + notes: '[Workaround @ KB87096 (vmware.com)](https://kb.vmware.com/s/article/87096 + )' + references: + - '' + last_updated: '2021-12-17T00:00:00' - vendor: VMware product: VMware Carbon Black Cloud Workload Appliance cves: @@ -2291,71 +2356,6 @@ software: references: - '' last_updated: '2021-12-12T00:00:00' - - vendor: VMware - product: vCenter Server - OVA - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 7.x - - 6.7.x - - 6.5.x - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '[Workaround @ KB87081 (vmware.com)](https://kb.vmware.com/s/article/87081 - )' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: VMware - product: vCenter Server - Windows - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 6.7.x - - 6.5.x - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.vmware.com/security/advisories/VMSA-2021-0028.html - notes: '[Workaround @ KB87096 (vmware.com)](https://kb.vmware.com/s/article/87096 - )' - references: - - '' - last_updated: '2021-12-17T00:00:00' - vendor: VMware product: VMware vRealize Automation cves: @@ -2614,7 +2614,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] diff --git a/data/cisagov_W.yml b/data/cisagov_W.yml index f8b1dae..b1651d2 100644 --- a/data/cisagov_W.yml +++ b/data/cisagov_W.yml @@ -151,7 +151,7 @@ software: - '' last_updated: '2022-01-12T07:18:56+00:00' - vendor: WIBU Systems - product: CodeMeter Keyring for TIA Portal + product: CodeMeter Cloud Lite cves: cve-2021-4104: investigated: false @@ -161,7 +161,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 1.30 and prior + - 2.2 and prior fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -176,12 +176,12 @@ software: unaffected_versions: [] vendor_links: - https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf - notes: Only the Password Manager is affected + notes: '' references: - '' last_updated: '2021-12-22T00:00:00' - vendor: WIBU Systems - product: CodeMeter Cloud Lite + product: CodeMeter Keyring for TIA Portal cves: cve-2021-4104: investigated: false @@ -191,7 +191,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 2.2 and prior + - 1.30 and prior fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -206,7 +206,7 @@ software: unaffected_versions: [] vendor_links: - https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf - notes: '' + notes: Only the Password Manager is affected references: - '' last_updated: '2021-12-22T00:00:00' diff --git a/data/cisagov_X.yml b/data/cisagov_X.yml index 1235c42..e2f18a2 100644 --- a/data/cisagov_X.yml +++ b/data/cisagov_X.yml @@ -237,7 +237,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus Analytics + product: Configuration change complete cves: cve-2021-4104: investigated: false @@ -266,7 +266,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus Automation Control Configuration change complete + product: Sensus Analytics cves: cve-2021-4104: investigated: false @@ -295,7 +295,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus Cathodic Protection Mitigation in process Mitigation in process + product: Sensus Automation Control Configuration change complete cves: cve-2021-4104: investigated: false @@ -324,7 +324,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus FieldLogic LogServer + product: Sensus Cathodic Protection Mitigation in process Mitigation in process cves: cve-2021-4104: investigated: false @@ -353,7 +353,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus Lighting Control + product: Sensus FieldLogic LogServer cves: cve-2021-4104: investigated: false @@ -382,7 +382,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus NetMetrics Configuration change complete + product: Sensus Lighting Control cves: cve-2021-4104: investigated: false @@ -411,7 +411,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus RNI Saas + product: Sensus NetMetrics Configuration change complete cves: cve-2021-4104: investigated: false @@ -419,11 +419,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 4.7 through 4.10 - - 4.4 through 4.6 - - '4.2' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -475,7 +472,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Sensus SCS + product: Sensus RNI Saas cves: cve-2021-4104: investigated: false @@ -483,8 +480,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 4.7 through 4.10 + - 4.4 through 4.6 + - '4.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -504,7 +504,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Smart Irrigation + product: Sensus SCS cves: cve-2021-4104: investigated: false @@ -533,7 +533,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Water Loss Management (Visenti) + product: Smart Irrigation cves: cve-2021-4104: investigated: false @@ -562,7 +562,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Xylem - product: Configuration change complete + product: Water Loss Management (Visenti) cves: cve-2021-4104: investigated: false From 1905279e0adf7be15a6d66d6b4749c1aed6a56d2 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Mon, 24 Jan 2022 17:40:46 -0500 Subject: [PATCH 038/268] Add files from the data reintegration process Add the files that were updated as part of the reintegration process. This process involved rebasing back to the original YAML conversion, updating those files, and then stepping through the rebase to integrate changes that have been made since. --- data/cisagov_B.yml | 16 +- data/cisagov_C.yml | 414 +++---- data/cisagov_D.yml | 40 +- data/cisagov_E.yml | 36 +- data/cisagov_F.yml | 136 +-- data/cisagov_G.yml | 52 +- data/cisagov_H.yml | 46 +- data/cisagov_I.yml | 58 +- data/cisagov_J.yml | 58 +- data/cisagov_K.yml | 22 +- data/cisagov_L.yml | 52 +- data/cisagov_M.yml | 66 +- data/cisagov_N.yml | 38 +- data/cisagov_O.yml | 30 +- data/cisagov_P.yml | 2748 ++++++++++++++++++++++++++++++++++++++++++ data/cisagov_Q.yml | 14 +- data/cisagov_R.yml | 2857 +++++++++++++++++++++++++++++++++++++++++++- data/cisagov_S.yml | 138 +-- data/cisagov_T.yml | 38 +- data/cisagov_U.yml | 14 +- data/cisagov_V.yml | 14 +- data/cisagov_W.yml | 24 +- data/cisagov_X.yml | 12 +- data/cisagov_Y.yml | 6 +- data/cisagov_Z.yml | 22 +- 25 files changed, 6277 insertions(+), 674 deletions(-) diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index 96dd688..5cb247d 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -4067,7 +4067,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: Symantec Protection Engine (SPE) cves: @@ -4096,7 +4096,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: Symantec Protection for SharePoint Servers (SPSS) cves: @@ -4125,7 +4125,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: VIP cves: @@ -4154,7 +4154,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: VIP Authentication Hub cves: @@ -4183,7 +4183,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: Web Isolation (WI) cves: @@ -4212,7 +4212,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: Web Security Service (WSS) cves: @@ -4241,7 +4241,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: WebPulse cves: @@ -4270,5 +4270,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index 60b11b6..b24be77 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Campbell Scientific product: All cves: @@ -90,7 +90,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Canary Labs product: All cves: @@ -408,7 +408,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Carestream product: '' cves: @@ -466,7 +466,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CAS genesisWorld product: '' cves: @@ -495,7 +495,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cato Networks product: '' cves: @@ -524,7 +524,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cepheid product: C360 cves: @@ -611,7 +611,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Chaser Systems product: discrimiNAT Firewall cves: @@ -641,7 +641,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: CloudGuard cves: @@ -671,7 +671,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: Harmony Endpoint & Harmony Mobile cves: @@ -701,7 +701,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: Infinity Portal cves: @@ -730,7 +730,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: Quantum Security Gateway cves: @@ -760,7 +760,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: Quantum Security Management cves: @@ -791,7 +791,7 @@ software: this attack by default. references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: SMB cves: @@ -821,7 +821,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: ThreatCloud cves: @@ -850,7 +850,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CheckMK product: '' cves: @@ -879,7 +879,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ciphermail product: '' cves: @@ -908,7 +908,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CircleCI product: CircleCI cves: @@ -966,7 +966,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: AppDynamics cves: @@ -995,7 +995,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco ACI Multi-Site Orchestrator cves: @@ -1024,7 +1024,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco ACI Virtual Edge cves: @@ -1053,7 +1053,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Adaptive Security Appliance (ASA) Software cves: @@ -1082,7 +1082,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Advanced Web Security Reporting Application cves: @@ -1111,7 +1111,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco AMP Virtual Private Cloud Appliance cves: @@ -1140,7 +1140,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco AnyConnect Secure Mobility Client cves: @@ -1169,7 +1169,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Application Policy Infrastructure Controller (APIC) cves: @@ -1198,7 +1198,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco ASR 5000 Series Routers cves: @@ -1227,7 +1227,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Broadcloud Calling cves: @@ -1256,7 +1256,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco BroadWorks cves: @@ -1285,7 +1285,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Catalyst 9800 Series Wireless Controllers cves: @@ -1314,7 +1314,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco CloudCenter Suite Admin cves: @@ -1343,7 +1343,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco CloudCenter Workload Manager cves: @@ -1372,7 +1372,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Cognitive Intelligence cves: @@ -1401,7 +1401,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Common Services Platform Collector cves: @@ -1430,7 +1430,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Computer Telephony Integration Object Server (CTIOS) cves: @@ -1459,7 +1459,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Connected Grid Device Manager cves: @@ -1488,7 +1488,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Connected Mobile Experiences cves: @@ -1517,7 +1517,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Connectivity cves: @@ -1546,7 +1546,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Contact Center Domain Manager (CCDM) cves: @@ -1575,7 +1575,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Contact Center Management Portal (CCMP) cves: @@ -1604,7 +1604,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Crosswork Change Automation cves: @@ -1633,7 +1633,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco CX Cloud Agent Software cves: @@ -1662,7 +1662,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Data Center Network Manager (DCNM) cves: @@ -1691,7 +1691,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Defense Orchestrator cves: @@ -1720,7 +1720,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco DNA Assurance cves: @@ -1749,7 +1749,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco DNA Center cves: @@ -1778,7 +1778,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco DNA Spaces cves: @@ -1807,7 +1807,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Elastic Services Controller (ESC) cves: @@ -1836,7 +1836,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Emergency Responder cves: @@ -1865,7 +1865,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Enterprise Chat and Email cves: @@ -1894,7 +1894,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Enterprise NFV Infrastructure Software (NFVIS) cves: @@ -1923,7 +1923,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Evolved Programmable Network Manager cves: @@ -1952,7 +1952,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Extensible Network Controller (XNC) cves: @@ -1981,7 +1981,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Finesse cves: @@ -2010,7 +2010,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Firepower Management Center cves: @@ -2039,7 +2039,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Firepower Threat Defense (FTD) cves: @@ -2068,7 +2068,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco GGSN Gateway GPRS Support Node cves: @@ -2097,7 +2097,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco HyperFlex System cves: @@ -2126,7 +2126,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Identity Services Engine (ISE) cves: @@ -2155,7 +2155,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Integrated Management Controller (IMC) Supervisor cves: @@ -2184,7 +2184,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Intersight cves: @@ -2213,7 +2213,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Intersight Virtual Appliance cves: @@ -2242,7 +2242,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco IOS and IOS XE Software cves: @@ -2271,7 +2271,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco IoT Field Network Director (formerly Cisco Connected Grid Network Management System) @@ -2301,7 +2301,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco IoT Operations Dashboard cves: @@ -2330,7 +2330,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco IOx Fog Director cves: @@ -2359,7 +2359,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco IP Services Gateway (IPSG) cves: @@ -2388,7 +2388,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Kinetic for Cities cves: @@ -2417,7 +2417,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco MDS 9000 Series Multilayer Switches cves: @@ -2446,7 +2446,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Meeting Server cves: @@ -2475,7 +2475,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco MME Mobility Management Entity cves: @@ -2504,7 +2504,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Modeling Labs cves: @@ -2533,7 +2533,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Network Assessment (CNA) Tool cves: @@ -2562,7 +2562,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Network Assurance Engine cves: @@ -2591,7 +2591,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Network Convergence System 2000 Series cves: @@ -2620,7 +2620,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Network Planner cves: @@ -2649,7 +2649,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Network Services Orchestrator (NSO) cves: @@ -2678,7 +2678,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus 5500 Platform Switches cves: @@ -2707,7 +2707,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus 5600 Platform Switches cves: @@ -2736,7 +2736,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus 6000 Series Switches cves: @@ -2765,7 +2765,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus 7000 Series Switches cves: @@ -2794,7 +2794,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode @@ -2824,7 +2824,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus Dashboard (formerly Cisco Application Services Engine) cves: @@ -2853,7 +2853,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus Data Broker cves: @@ -2882,7 +2882,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus Insights cves: @@ -2911,7 +2911,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Optical Network Planner cves: @@ -2940,7 +2940,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Packaged Contact Center Enterprise cves: @@ -2969,7 +2969,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Paging Server cves: @@ -2998,7 +2998,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Paging Server (InformaCast) cves: @@ -3027,7 +3027,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco PDSN/HA Packet Data Serving Node and Home Agent cves: @@ -3056,7 +3056,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco PGW Packet Data Network Gateway cves: @@ -3085,7 +3085,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Policy Suite cves: @@ -3114,7 +3114,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Central for Service Providers cves: @@ -3143,7 +3143,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Collaboration Manager cves: @@ -3172,7 +3172,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Collaboration Provisioning cves: @@ -3201,7 +3201,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Infrastructure cves: @@ -3230,7 +3230,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime License Manager cves: @@ -3259,7 +3259,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Network cves: @@ -3288,7 +3288,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Optical for Service Providers cves: @@ -3317,7 +3317,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Provisioning cves: @@ -3346,7 +3346,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Service Catalog cves: @@ -3375,7 +3375,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Registered Envelope Service cves: @@ -3404,7 +3404,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SD-WAN vEdge 1000 Series Routers cves: @@ -3433,7 +3433,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SD-WAN vEdge 2000 Series Routers cves: @@ -3462,7 +3462,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SD-WAN vEdge 5000 Series Routers cves: @@ -3491,7 +3491,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SD-WAN vEdge Cloud Router Platform cves: @@ -3520,7 +3520,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SD-WAN vManage cves: @@ -3549,7 +3549,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Secure Network Analytics (SNA), formerly Stealthwatch cves: @@ -3578,7 +3578,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SocialMiner cves: @@ -3607,7 +3607,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco System Architecture Evolution Gateway (SAEGW) cves: @@ -3636,7 +3636,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco TelePresence Management Suite cves: @@ -3665,7 +3665,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco UCS Director cves: @@ -3694,7 +3694,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco UCS Performance Manager cves: @@ -3723,7 +3723,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Umbrella cves: @@ -3752,7 +3752,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Attendant Console Advanced cves: @@ -3781,7 +3781,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Attendant Console Business Edition cves: @@ -3810,7 +3810,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Attendant Console Department Edition cves: @@ -3839,7 +3839,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Attendant Console Enterprise Edition cves: @@ -3868,7 +3868,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Attendant Console Premium Edition cves: @@ -3897,7 +3897,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Communications Manager Cloud cves: @@ -3926,7 +3926,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Contact Center Enterprise cves: @@ -3955,7 +3955,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Contact Center Enterprise - Live Data server cves: @@ -3984,7 +3984,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Contact Center Express cves: @@ -4013,7 +4013,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Intelligent Contact Management Enterprise cves: @@ -4042,7 +4042,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified SIP Proxy Software cves: @@ -4071,7 +4071,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Video Surveillance Operations Manager cves: @@ -4100,7 +4100,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Virtual Topology System - Virtual Topology Controller (VTC) VM cves: @@ -4129,7 +4129,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Virtualized Voice Browser cves: @@ -4158,7 +4158,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Vision Dynamic Signage Director cves: @@ -4187,7 +4187,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco WAN Automation Engine (WAE) cves: @@ -4216,7 +4216,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Web Security Appliance (WSA) cves: @@ -4245,7 +4245,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Webex Cloud-Connected UC (CCUC) cves: @@ -4274,7 +4274,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Webex Meetings Server cves: @@ -4303,7 +4303,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Webex Teams cves: @@ -4332,7 +4332,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Wide Area Application Services (WAAS) cves: @@ -4361,7 +4361,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Duo cves: @@ -4390,7 +4390,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: DUO network gateway (on-prem/self-hosted) cves: @@ -4418,7 +4418,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: duo network gateway (on-prem/self-hosted) cves: @@ -4446,7 +4446,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Exony Virtualized Interaction Manager (VIM) cves: @@ -4475,7 +4475,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Managed Services Accelerator (MSX) Network Access Control Service cves: @@ -4504,7 +4504,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Citrix product: Citrix ADC (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) cves: @@ -4941,7 +4941,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: AM2CM Tool cves: @@ -4970,7 +4970,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Ambari cves: @@ -5001,7 +5001,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Arcadia Enterprise cves: @@ -5031,7 +5031,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: CDH, HDP, and HDF cves: @@ -5061,7 +5061,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: CDP Operational Database (COD) cves: @@ -5090,7 +5090,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: CDP Private Cloud Base cves: @@ -5120,7 +5120,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: CDS 3 Powered by Apache Spark cves: @@ -5150,7 +5150,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: CDS 3.2 for GPUs cves: @@ -5180,7 +5180,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Cybersecurity Platform cves: @@ -5210,7 +5210,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Engineering (CDE) cves: @@ -5239,7 +5239,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Engineering (CDE) cves: @@ -5269,7 +5269,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Flow (CFM) cves: @@ -5298,7 +5298,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Science Workbench (CDSW) cves: @@ -5329,7 +5329,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Visualization (CDV) cves: @@ -5358,7 +5358,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Warehouse (CDW) cves: @@ -5387,7 +5387,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Warehouse (CDW) cves: @@ -5417,7 +5417,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera DataFlow (CDF) cves: @@ -5446,7 +5446,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Edge Management (CEM) cves: @@ -5476,7 +5476,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Enterprise cves: @@ -5506,7 +5506,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Flow Management (CFM) cves: @@ -5536,7 +5536,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Machine Learning (CML) cves: @@ -5565,7 +5565,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Machine Learning (CML) cves: @@ -5595,7 +5595,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication Manager) @@ -5626,7 +5626,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication Manager) @@ -5659,7 +5659,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Manager (Including Backup Disaster Recovery (BDR)) cves: @@ -5688,7 +5688,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Runtime (including Cloudera Data Hub and all Data Hub templates) cves: @@ -5720,7 +5720,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Stream Processing (CSP) cves: @@ -5750,7 +5750,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Streaming Analytics (CSA) cves: @@ -5779,7 +5779,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Streaming Analytics (CSA) cves: @@ -5808,7 +5808,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Data Analytics Studio (DAS) cves: @@ -5837,7 +5837,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Data Catalog cves: @@ -5866,7 +5866,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Data Lifecycle Manager (DLM) cves: @@ -5895,7 +5895,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Data Steward Studio (DSS) cves: @@ -5925,7 +5925,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Hortonworks Data Flow (HDF) cves: @@ -5954,7 +5954,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Hortonworks Data Platform (HDP) cves: @@ -5986,7 +5986,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Hortonworks DataPlane Platform cves: @@ -6015,7 +6015,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Management Console cves: @@ -6045,7 +6045,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Management Console for CDP Public Cloud cves: @@ -6074,7 +6074,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Replication Manager cves: @@ -6103,7 +6103,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: SmartSense cves: @@ -6132,7 +6132,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Workload Manager cves: @@ -6161,7 +6161,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Workload XM cves: @@ -6191,7 +6191,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Workload XM (SaaS) cves: @@ -6220,7 +6220,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CloudFlare product: '' cves: @@ -6249,7 +6249,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudian HyperStore product: '' cves: @@ -6278,7 +6278,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudogu product: Ecosystem cves: @@ -6308,7 +6308,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudogu product: SCM-Manager cves: @@ -6337,7 +6337,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudron product: '' cves: @@ -6366,7 +6366,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Clover product: '' cves: @@ -6395,7 +6395,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Code42 product: Code42 App cves: @@ -6486,7 +6486,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Codesys product: '' cves: @@ -6515,7 +6515,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cohesity product: '' cves: @@ -6544,7 +6544,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CommVault product: '' cves: @@ -6573,7 +6573,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Concourse product: Concourse cves: @@ -6602,7 +6602,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ConcreteCMS.com product: '' cves: @@ -6631,7 +6631,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Confluent product: Confluent Cloud cves: @@ -6960,7 +6960,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ConnectWise product: '' cves: @@ -6989,7 +6989,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ContrastSecurity product: '' cves: @@ -7018,7 +7018,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ControlUp product: '' cves: @@ -7047,7 +7047,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: COPADATA product: All cves: @@ -7105,7 +7105,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CPanel product: '' cves: @@ -7134,7 +7134,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cradlepoint product: '' cves: @@ -7163,7 +7163,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Crestron product: '' cves: @@ -7221,7 +7221,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CryptShare product: '' cves: @@ -7250,7 +7250,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CyberArk product: Privileged Threat Analytics (PTA) cves: @@ -7310,7 +7310,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CyberRes product: '' cves: @@ -7339,5 +7339,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 1a63d55..f8738da 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -615,7 +615,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dassault Systèmes product: '' cves: @@ -644,7 +644,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Databricks product: '' cves: @@ -673,7 +673,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Datadog product: Datadog Agent cves: @@ -706,7 +706,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dataminer product: '' cves: @@ -735,7 +735,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Datev product: '' cves: @@ -764,7 +764,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Datto product: '' cves: @@ -793,7 +793,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: dCache.org product: '' cves: @@ -822,7 +822,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Debian product: '' cves: @@ -851,7 +851,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Deepinstinct product: '' cves: @@ -880,7 +880,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dell product: '"Dell EMC PowerMax VMAX VMAX3 and VMAX AFA"' cves: @@ -8305,7 +8305,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Device42 product: '' cves: @@ -8334,7 +8334,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Devolutions product: All products cves: @@ -8363,7 +8363,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Diebold Nixdorf product: '' cves: @@ -8392,7 +8392,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Digi International product: AnywhereUSB Manager cves: @@ -9552,7 +9552,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Digital AI product: '' cves: @@ -9581,7 +9581,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Digital Alert Systems product: All cves: @@ -9639,7 +9639,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Docker product: '' cves: @@ -9668,7 +9668,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Docusign product: '' cves: @@ -9697,7 +9697,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: DrayTek product: Vigor Routers, Access Points, Switches, VigorACS Central Management Software, MyVigor Platform @@ -9756,7 +9756,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dynatrace product: ActiveGate cves: diff --git a/data/cisagov_E.yml b/data/cisagov_E.yml index 8643da5..1578987 100644 --- a/data/cisagov_E.yml +++ b/data/cisagov_E.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Eaton product: Undisclosed cves: @@ -64,7 +64,7 @@ software: wall. references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: EclecticIQ product: '' cves: @@ -93,7 +93,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Eclipse Foundation product: '' cves: @@ -122,7 +122,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Edwards product: '' cves: @@ -180,7 +180,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: EGroupware product: '' cves: @@ -209,7 +209,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Elastic product: APM Java Agent cves: @@ -793,7 +793,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ellucian product: Admin cves: @@ -4249,7 +4249,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ESET product: '' cves: @@ -4278,7 +4278,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ESRI product: ArcGIS Data Store cves: @@ -4493,7 +4493,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Evolveum Midpoint product: '' cves: @@ -4522,7 +4522,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ewon product: '' cves: @@ -4551,7 +4551,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Exabeam product: '' cves: @@ -4581,7 +4581,7 @@ software: by CISA references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Exact product: '' cves: @@ -4610,7 +4610,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Exivity product: '' cves: @@ -4639,7 +4639,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ExtraHop product: Reveal(x) cves: @@ -4700,7 +4700,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Extreme Networks product: '' cves: @@ -4729,7 +4729,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Extron product: '' cves: @@ -4758,5 +4758,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_F.yml b/data/cisagov_F.yml index 054ebe8..8598911 100644 --- a/data/cisagov_F.yml +++ b/data/cisagov_F.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F-Secure product: Endpoint Proxy cves: @@ -62,7 +62,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F-Secure product: Messaging Security Gateway cves: @@ -91,7 +91,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F-Secure product: Policy Manager cves: @@ -121,7 +121,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F-Secure product: Policy Manager Proxy cves: @@ -151,7 +151,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: BIG-IP (all modules) cves: @@ -181,7 +181,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: BIG-IQ Centralized Management cves: @@ -211,7 +211,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: F5OS cves: @@ -241,7 +241,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: NGINX App Protect cves: @@ -271,7 +271,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: NGINX Controller cves: @@ -301,7 +301,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: NGINX Ingress Controller cves: @@ -331,7 +331,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: NGINX Instance Manager cves: @@ -361,7 +361,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: NGINX Open Source cves: @@ -391,7 +391,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: NGINX Plus cves: @@ -421,7 +421,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: NGINX Service Mesh cves: @@ -451,7 +451,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: NGINX Unit cves: @@ -481,7 +481,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: Traffix SDC cves: @@ -513,7 +513,7 @@ software: Kibana), Element Management System' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FAST LTA product: '' cves: @@ -542,7 +542,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fastly product: '' cves: @@ -571,7 +571,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FedEx product: Ship Manager Software cves: @@ -668,7 +668,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FileCatalyst product: '' cves: @@ -697,7 +697,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FileCloud product: '' cves: @@ -726,7 +726,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FileWave product: '' cves: @@ -755,7 +755,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FINVI product: '' cves: @@ -784,7 +784,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FireDaemon product: '' cves: @@ -813,7 +813,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fisher & Paykel Healthcare product: '' cves: @@ -871,7 +871,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Flexera product: '' cves: @@ -900,7 +900,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint product: DLP Manager cves: @@ -929,7 +929,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint product: Forcepoint Cloud Security Gateway (CSG) cves: @@ -958,7 +958,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint product: Next Generation Firewall (NGFW) cves: @@ -987,7 +987,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint product: Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service and Sidewinder @@ -1017,7 +1017,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint product: One Endpoint cves: @@ -1046,7 +1046,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint product: Security Manager (Web, Email and DLP) cves: @@ -1075,7 +1075,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forescout product: '' cves: @@ -1104,7 +1104,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ForgeRock product: Autonomous Identity cves: @@ -1133,7 +1133,7 @@ software: notes: all other ForgeRock products Not vulnerable references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiAIOps cves: @@ -1162,7 +1162,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiAnalyzer cves: @@ -1191,7 +1191,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiAnalyzer Cloud cves: @@ -1220,7 +1220,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiAP cves: @@ -1249,7 +1249,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiAuthenticator cves: @@ -1278,7 +1278,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiCASB cves: @@ -1307,7 +1307,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiConvertor cves: @@ -1336,7 +1336,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiDeceptor cves: @@ -1365,7 +1365,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiEDR Agent cves: @@ -1394,7 +1394,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiEDR Cloud cves: @@ -1423,7 +1423,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiGate Cloud cves: @@ -1452,7 +1452,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiGSLB Cloud cves: @@ -1481,7 +1481,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiMail cves: @@ -1510,7 +1510,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiManager cves: @@ -1539,7 +1539,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiManager Cloud cves: @@ -1568,7 +1568,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiNAC cves: @@ -1597,7 +1597,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiNAC cves: @@ -1626,7 +1626,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiOS (includes FortiGate & FortiWiFi) cves: @@ -1655,7 +1655,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiPhish Cloud cves: @@ -1684,7 +1684,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiPolicy cves: @@ -1713,7 +1713,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiPortal cves: @@ -1742,7 +1742,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiRecorder cves: @@ -1771,7 +1771,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiSIEM cves: @@ -1800,7 +1800,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiSOAR cves: @@ -1829,7 +1829,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiSwicth Cloud in FortiLANCloud cves: @@ -1858,7 +1858,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiSwitch & FortiSwitchManager cves: @@ -1887,7 +1887,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiToken Cloud cves: @@ -1916,7 +1916,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiVoice cves: @@ -1945,7 +1945,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiWeb Cloud cves: @@ -1974,7 +1974,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: ShieldX cves: @@ -2003,7 +2003,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FTAPI product: '' cves: @@ -2032,7 +2032,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fujitsu product: '' cves: @@ -2061,7 +2061,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FusionAuth product: FusionAuth cves: @@ -2091,5 +2091,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index dce5a0e..88012b6 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -270,7 +270,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Genesys product: '' cves: @@ -299,7 +299,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: GeoServer product: '' cves: @@ -328,7 +328,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gerrit code review product: '' cves: @@ -357,7 +357,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: GFI product: '' cves: @@ -386,7 +386,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ghidra product: '' cves: @@ -415,7 +415,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gigamon product: Fabric Manager cves: @@ -505,7 +505,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Globus product: '' cves: @@ -534,7 +534,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: GoAnywhere product: Gateway cves: @@ -4657,7 +4657,7 @@ software: notes: Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gradle product: Gradle Enterprise cves: @@ -4687,7 +4687,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gradle product: Gradle Enterprise Build Cache Node cves: @@ -4717,7 +4717,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gradle product: Gradle Enterprise Test Distribution Agent cves: @@ -4747,7 +4747,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grafana product: '' cves: @@ -4776,7 +4776,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grandstream product: '' cves: @@ -4805,7 +4805,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee product: Access Management cves: @@ -4835,7 +4835,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee product: Access Management cves: @@ -4865,7 +4865,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee product: Alert Engine cves: @@ -4895,7 +4895,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee product: Alert Engine cves: @@ -4925,7 +4925,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee product: API Management cves: @@ -4955,7 +4955,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee product: API Management cves: @@ -4985,7 +4985,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee product: Cockpit cves: @@ -5015,7 +5015,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee.io product: '' cves: @@ -5044,7 +5044,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravwell product: '' cves: @@ -5073,7 +5073,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Graylog product: Graylog Server cves: @@ -5103,7 +5103,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: GreenShot product: '' cves: @@ -5132,7 +5132,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: GSA product: Cloud.gov cves: @@ -5190,5 +5190,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_H.yml b/data/cisagov_H.yml index 31674d6..b9d31cf 100644 --- a/data/cisagov_H.yml +++ b/data/cisagov_H.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HarmanPro AMX product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Boundary cves: @@ -90,7 +90,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Consul cves: @@ -119,7 +119,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Consul Enterprise cves: @@ -148,7 +148,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Nomad cves: @@ -177,7 +177,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Nomad Enterprise cves: @@ -206,7 +206,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Packer cves: @@ -235,7 +235,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Terraform cves: @@ -264,7 +264,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Terraform Enterprise cves: @@ -293,7 +293,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Vagrant cves: @@ -322,7 +322,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Vault cves: @@ -351,7 +351,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Vault Enterprise cves: @@ -380,7 +380,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Waypoint cves: @@ -409,7 +409,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HCL Software product: BigFix Compliance cves: @@ -648,7 +648,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HENIX product: Squash TM cves: @@ -709,7 +709,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Hikvision product: '' cves: @@ -738,7 +738,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Hitachi Energy product: 3rd party - Elastic Search, Kibana cves: @@ -925,7 +925,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Hitachi Energy product: FOXMAN-UN cves: @@ -1332,7 +1332,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HMS Industrial Networks AB product: Cosy, Flexy and Ewon CD cves: @@ -2006,7 +2006,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HP product: Teradici Cloud Access Controller cves: @@ -5387,7 +5387,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -5958,7 +5958,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Hubspot product: '' cves: @@ -5987,5 +5987,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_I.yml b/data/cisagov_I.yml index f07aca1..557f031 100644 --- a/data/cisagov_I.yml +++ b/data/cisagov_I.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: I2P product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBA-AG product: '' cves: @@ -90,7 +90,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ibexa product: '' cves: @@ -119,7 +119,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM product: Analytics Engine cves: @@ -437,7 +437,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM product: BigFix Inventory cves: @@ -468,7 +468,7 @@ software: of log4j is included. Version is included in the name of the library. references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM product: Block Storage cves: @@ -3198,7 +3198,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM product: Mass Data Migration cves: @@ -3808,7 +3808,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM product: Robotic Process Automation cves: @@ -4010,7 +4010,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM product: Spectrum Archive Library Edition cves: @@ -5663,7 +5663,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IGEL product: '' cves: @@ -5692,7 +5692,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ignite Realtime product: '' cves: @@ -5721,7 +5721,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: iGrafx product: '' cves: @@ -5750,7 +5750,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Illuminated Cloud product: '' cves: @@ -5779,7 +5779,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Illumio product: C-VEN cves: @@ -6185,7 +6185,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Imperva product: '' cves: @@ -6214,7 +6214,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Inductive Automation product: Ignition cves: @@ -6274,7 +6274,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: infinidat product: '' cves: @@ -6303,7 +6303,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: InfluxData product: '' cves: @@ -6332,7 +6332,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Infoblox product: '' cves: @@ -6361,7 +6361,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Informatica product: '' cves: @@ -6390,7 +6390,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Instana product: '' cves: @@ -6419,7 +6419,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Instructure product: '' cves: @@ -6448,7 +6448,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Intel product: Audio Development Kit cves: @@ -6828,7 +6828,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Intland product: codebeamer cves: @@ -6860,7 +6860,7 @@ software: and [21.09](https://codebeamer.com/cb/wiki/19418497), but not yet for [21.04](https://codebeamer.com/cb/wiki/16937839) references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IPRO product: Netgovern cves: @@ -6888,7 +6888,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: iRedMail product: '' cves: @@ -6917,7 +6917,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ironnet product: '' cves: @@ -6946,7 +6946,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ISLONLINE product: '' cves: @@ -6975,7 +6975,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ivanti product: Application Control for Linux cves: diff --git a/data/cisagov_J.yml b/data/cisagov_J.yml index c5139ee..d58b98c 100644 --- a/data/cisagov_J.yml +++ b/data/cisagov_J.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jamf product: Jamf Pro cves: @@ -62,7 +62,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Janitza product: GridVis cves: @@ -121,7 +121,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jedox product: '' cves: @@ -150,7 +150,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jenkins product: CI/CD Core cves: @@ -178,7 +178,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jenkins product: Plugins cves: @@ -238,7 +238,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jetbrains product: Code With Me cves: @@ -268,7 +268,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: Datalore cves: @@ -298,7 +298,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: Floating license server cves: @@ -328,7 +328,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: Gateway cves: @@ -358,7 +358,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: Hub cves: @@ -388,7 +388,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand, IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu, @@ -420,7 +420,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: Kotlin cves: @@ -450,7 +450,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: Ktor cves: @@ -480,7 +480,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: MPS cves: @@ -510,7 +510,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: Space cves: @@ -540,7 +540,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: TeamCity cves: @@ -570,7 +570,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: ToolBox cves: @@ -600,7 +600,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: UpSource cves: @@ -630,7 +630,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: YouTrack InCloud cves: @@ -660,7 +660,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: YouTrack Standalone cves: @@ -690,7 +690,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JFROG product: '' cves: @@ -719,7 +719,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jitsi product: '' cves: @@ -748,7 +748,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jitterbit product: '' cves: @@ -777,7 +777,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Johnson Controls product: BCPro cves: @@ -1646,7 +1646,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: jPOS product: (ISO-8583) bridge cves: @@ -1676,7 +1676,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jump Desktop product: '' cves: @@ -1705,7 +1705,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Juniper Networks product: '' cves: @@ -1734,7 +1734,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Justice Systems product: '' cves: @@ -1763,5 +1763,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_K.yml b/data/cisagov_K.yml index 79eb59c..7149f4a 100644 --- a/data/cisagov_K.yml +++ b/data/cisagov_K.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: K6 product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Karakun product: '' cves: @@ -90,7 +90,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kaseya product: '' cves: @@ -119,7 +119,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Keeper Security product: '' cves: @@ -148,7 +148,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: KEMP product: '' cves: @@ -177,7 +177,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: KEMP 2 product: '' cves: @@ -206,7 +206,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kofax product: '' cves: @@ -235,7 +235,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Konica Minolta product: '' cves: @@ -264,7 +264,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kronos UKG product: '' cves: @@ -293,7 +293,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kyberna product: '' cves: @@ -322,5 +322,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_L.yml b/data/cisagov_L.yml index ee4821e..a1ffc81 100644 --- a/data/cisagov_L.yml +++ b/data/cisagov_L.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: L3Harris Geospatial product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lancom Systems product: '' cves: @@ -90,7 +90,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lansweeper product: '' cves: @@ -119,7 +119,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Laserfiche product: '' cves: @@ -148,7 +148,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LastPass product: '' cves: @@ -177,7 +177,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LaunchDarkly product: '' cves: @@ -206,7 +206,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Leanix product: '' cves: @@ -235,7 +235,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Leica BIOSYSTEMS product: Aperio AT2 cves: @@ -2415,7 +2415,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Let's Encrypt product: '' cves: @@ -2444,7 +2444,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LibreNMS product: '' cves: @@ -2473,7 +2473,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LifeRay product: '' cves: @@ -2502,7 +2502,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LifeSize product: '' cves: @@ -2531,7 +2531,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lightbend product: '' cves: @@ -2560,7 +2560,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lime CRM product: '' cves: @@ -2589,7 +2589,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LIONGARD product: '' cves: @@ -2618,7 +2618,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LiquidFiles product: '' cves: @@ -2647,7 +2647,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LiveAction product: '' cves: @@ -2676,7 +2676,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Loftware product: '' cves: @@ -2705,7 +2705,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LOGalyze product: SIEM & log analyzer tool cves: @@ -2766,7 +2766,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LogicMonitor product: LogicMonitor Platform cves: @@ -2795,7 +2795,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LogMeIn product: '' cves: @@ -2824,7 +2824,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LogRhythm product: '' cves: @@ -2853,7 +2853,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Looker product: Looker cves: @@ -2888,7 +2888,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LucaNet product: '' cves: @@ -2917,7 +2917,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lucee product: '' cves: @@ -2946,7 +2946,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lyrasis product: Fedora Repository cves: diff --git a/data/cisagov_M.yml b/data/cisagov_M.yml index 42ad7ab..b87271f 100644 --- a/data/cisagov_M.yml +++ b/data/cisagov_M.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Maltego product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ManageEngine product: AD SelfService Plus cves: @@ -149,7 +149,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ManageEngine Zoho product: ADAudit Plus cves: @@ -526,7 +526,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MathWorks product: All MathWorks general release desktop or server products cves: @@ -644,7 +644,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Mattermost FocalBoard product: '' cves: @@ -673,7 +673,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: McAfee product: Data Exchange Layer (DXL) Client cves: @@ -1549,7 +1549,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MEINBERG product: LANTIME and microSync cves: @@ -1607,7 +1607,7 @@ software: notes: Project is written in Python references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Memurai product: '' cves: @@ -1704,7 +1704,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft product: Azure Application Gateway cves: @@ -1733,7 +1733,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft product: Azure Data lake store java cves: @@ -1763,7 +1763,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft product: Azure Data lake store java cves: @@ -1793,7 +1793,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft product: Azure DevOps cves: @@ -1822,7 +1822,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft product: Azure DevOps Server cves: @@ -1852,7 +1852,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft product: Azure Traffic Manager cves: @@ -1881,7 +1881,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft product: Team Foundation Server cves: @@ -1911,7 +1911,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microstrategy product: '' cves: @@ -1998,7 +1998,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Milestone sys product: '' cves: @@ -2027,7 +2027,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Mimecast product: '' cves: @@ -2056,7 +2056,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Minecraft product: '' cves: @@ -2085,7 +2085,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Mirantis product: '' cves: @@ -2114,7 +2114,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Miro product: '' cves: @@ -2143,7 +2143,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Mitel product: '' cves: @@ -2172,7 +2172,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MMM Group product: Control software of all MMM series cves: @@ -2260,7 +2260,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MongoDB product: MongoDB Atlas Search cves: @@ -2289,7 +2289,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MongoDB product: MongoDB Community Edition (including Community Server, Cloud Manager, Community Kubernetes Operators) @@ -2319,7 +2319,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MongoDB product: MongoDB Drivers cves: @@ -2348,7 +2348,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MongoDB product: MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators) @@ -2378,7 +2378,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MongoDB product: MongoDB Realm (including Realm Database, Sync, Functions, APIs) cves: @@ -2407,7 +2407,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MongoDB product: MongoDB Tools (including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors) @@ -2437,7 +2437,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Moodle product: '' cves: @@ -2466,7 +2466,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MoogSoft product: '' cves: @@ -2495,7 +2495,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Motorola Avigilon product: '' cves: @@ -2586,7 +2586,7 @@ software: by CISA references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Mulesoft product: Anypoint Studio cves: diff --git a/data/cisagov_N.yml b/data/cisagov_N.yml index bcb7474..596c681 100644 --- a/data/cisagov_N.yml +++ b/data/cisagov_N.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nagios product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: NAKIVO product: '' cves: @@ -90,7 +90,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: National Instruments product: OptimalPlus cves: @@ -182,7 +182,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Netcup product: '' cves: @@ -211,7 +211,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: NetGate PFSense product: '' cves: @@ -240,7 +240,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Netwrix product: '' cves: @@ -269,7 +269,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: New Relic product: Containerized Private Minion (CPM) cves: @@ -360,7 +360,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nextflow product: Nextflow cves: @@ -448,7 +448,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: NinjaRMM product: '' cves: @@ -478,7 +478,7 @@ software: by CISA references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nomachine product: '' cves: @@ -507,7 +507,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: NoviFlow product: '' cves: @@ -536,7 +536,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nulab product: Backlog cves: @@ -566,7 +566,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nulab product: Backlog Enterprise (On-premises) cves: @@ -596,7 +596,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nulab product: Cacoo cves: @@ -626,7 +626,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nulab product: Cacoo Enterprise (On-premises) cves: @@ -656,7 +656,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nulab product: Typetalk cves: @@ -686,7 +686,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nutanix product: AHV cves: @@ -1758,7 +1758,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: NXLog product: '' cves: @@ -1787,5 +1787,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_O.yml b/data/cisagov_O.yml index 89b0d7b..bf866b1 100644 --- a/data/cisagov_O.yml +++ b/data/cisagov_O.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OCLC product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Octopus product: '' cves: @@ -90,7 +90,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Okta product: Advanced Server Access cves: @@ -440,7 +440,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Opengear product: '' cves: @@ -469,7 +469,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OpenMRS TALK product: '' cves: @@ -498,7 +498,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OpenNMS product: '' cves: @@ -527,7 +527,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OpenSearch product: '' cves: @@ -556,7 +556,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OpenText product: '' cves: @@ -833,7 +833,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Osirium product: PAM cves: @@ -862,7 +862,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Osirium product: PEM cves: @@ -891,7 +891,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Osirium product: PPA cves: @@ -920,7 +920,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OTRS product: '' cves: @@ -949,7 +949,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OVHCloud product: '' cves: @@ -978,7 +978,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OwnCloud product: '' cves: @@ -1007,7 +1007,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OxygenXML product: Author cves: diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index 4dbb587..c0bd941 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -36,4 +36,2752 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' + - vendor: Palantir + product: Palantir AI Inference Platform (AIP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: Fully remediated as of 1.97.0. Disconnected customer instances may require + manual updates. + references: + - '' + last_updated: '2021-12-19T00:00:00' + - vendor: Palantir + product: Palantir Apollo + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: No impact, and updates have been deployed for full remediation. + references: + - '' + last_updated: '2021-12-19T00:00:00' + - vendor: Palantir + product: Palantir Foundry + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: No impact to Palantir-hosted or Apollo-connected instances, and updates + have been deployed for full remediation. Disconnected customer instances may + require manual updates. + references: + - '' + last_updated: '2021-12-19T00:00:00' + - vendor: Palantir + product: Palantir Gotham + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: No impact to Palantir-hosted or Apollo-connected instances, and updates + have been deployed for full remediation. Disconnected customer instances may + require manual updates. + references: + - '' + last_updated: '2021-12-19T00:00:00' + - vendor: Palo-Alto Networks + product: Bridgecrew + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: CloudGenix + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex Data Lake + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex XDR Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex Xpanse + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex XSOAR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Expedition + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: GlobalProtect App + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: IoT Security + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Okyo Grade + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Palo-Alto Networks-OS for Firewall and Wildfire + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Palo-Alto Networks-OS for Panorama + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '9.0' + - '9.1' + - '10.0' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - Upgrade Panorama to PAN-OS 10.1 to remediate this issue. This advisory will + be updated when hot fixes for the affected Panorama versions are available. + PAN-OS for Panorama versions 8.1, 10.1 are not affected. + last_updated: '2021-12-15T00:00:00' + - vendor: Palo-Alto Networks + product: Prisma Access + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Prisma Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Prisma Cloud Compute + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: SaaS Security + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: User-ID Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: WildFire Appliance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: WildFire Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Panopto + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.panopto.com/s/article/Panopto-Statement-on-the-Log4j2-Zero-Day-Vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PaperCut + product: PaperCut MF + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 21.0 and later + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/support/known-issues/?id=PO-684#ng + notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted + by this. Workaround manual steps available in reference. Upgrade to PaperCut + NG/MF version 21.2.3 Now Available to resolve. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut NG + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 21.0 and later + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/support/known-issues/?id=PO-684#ng + notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted + by this. Workaround manual steps available in reference. Upgrade to PaperCut + NG/MF version 21.2.3 Now Available to resolve. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Parallels + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.parallels.com/en/128696 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Parse.ly + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.parse.ly/parse-ly-log4shell/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PBXMonitor + product: RMM for 3CX PBX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pbxmonitor.net/changelog.php + notes: Mirror Servers were also checked to ensure Log4J was not installed or being + used by any of our systems. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Pega + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pentaho + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pentaho.com/hc/en-us/articles/4416229254541-log4j-2-zero-day-vulnerability-No-impact-to-supported-versions-of-Pentaho- + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pepperl+Fuchs + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pepperl-fuchs.com/global/en/29079.htm + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Percona + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.percona.com/blog/log4jshell-vulnerability-update/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Phenix Id + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.phenixid.se/uncategorized/log4j-fix/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Philips + product: Multiple products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PHOENIX CONTACT + product: Cloud Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf + notes: Partly affected. Remediations are being implemented. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: PHOENIX CONTACT + product: Physical products containing firmware + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: PHOENIX CONTACT + product: Software Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Ping Identity + product: PingAccess + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 4.0 <= version <= 6.3.2 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingCentral + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingFederate + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 8.0 <= version <= 10.3.4 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingFederate Java Integration Kit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 2.7.2 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingFederate OAuth Playground + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 4.3.1 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingIntelligence + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pitney Bowes + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pitneybowes.com/us/support/apache-log4j-vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Planmeca + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.planmeca.com/apache-log4j-vulnerability-in-planmeca-products/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Planon Software + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://my.planonsoftware.com/uk/news/log4j-impact-on-planon/ + notes: This advisory is available for customers only and has not been reviewed + by CISA + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Platform.SH + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://platform.sh/blog/2021/platformsh-protects-from-apache-log4j/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Plesk + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.plesk.com/hc/en-us/articles/4412182812818-CVE-2021-44228-vulnerability-in-log4j-package-of-Apache + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Plex + product: Plex Industrial IoT + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: The product has been updated to Log4j version 2.15. An additional patch + is being developed to update to 2.16. No user interaction is required. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Polycom + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Portainer + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.portainer.io/blog/portainer-statement-re-log4j-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PortSwigger + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.portswigger.net/thread/are-burp-collaborator-or-burp-enterprise-vulnerable-to-log4j-dc6524e0 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PostGreSQL + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.postgresql.org/about/news/postgresql-jdbc-and-the-log4j-cve-2371/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Postman + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.postman.com/hc/en-us/articles/4415791933335-Is-Postman-impacted-by-the-Log4j-vulnerability-CVE-2021-44228- + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Power Admin LLC + product: PA File Sight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - NONE + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Power Admin LLC + product: PA Server Monitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - NONE + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Power Admin LLC + product: PA Storage Monitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - NONE + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Pretix + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://pretix.eu/about/de/blog/20211213-log4j/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PrimeKey + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.primekey.com/news/posts/information-about-primekey-products-and-log4j-vulnerability-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Progress / IpSwitch + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.progress.com/security + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ProofPoint + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://proofpointcommunities.force.com/community/s/article/Proofpoint-Statement-Regarding-CVE-2021-44228-Java-logging-package-log4j2 + notes: This advisory is available for customers only and has not been reviewed + by CISA + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ProSeS + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proses.de/en/2021/12/16/log4shell-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Prosys + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://prosysopc.com/news/important-security-release/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Proxmox + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PRTG Paessler + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.paessler.com/en/topic/90213-is-prtg-affected-by-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTC + product: Axeda Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 6.9.2 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingsWorx Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '8.5' + - '9.0' + - '9.1' + - '9.2' + - All supported versions + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingsWorx Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '8.5' + - '9.0' + - '9.1' + - '9.2' + - All supported versions + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTV Group + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Connect Secure (ICS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Neurons for secure Access + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Neurons for secure Access + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Neurons for ZTA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Neurons for ZTA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Connect Secure + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Desktop Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Mobile Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse One + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Policy Secure + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Secure Services Director + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Secure Virtual Traffic Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Secure Web Application Firewall + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse ZTA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Puppet + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pure Storage + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22) + notes: This advisory is available for customers only and has not been reviewed + by CISA + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pure Storage + product: Cloud Blockstore + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - CBS6.1.x + - CBS6.2.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: Patch expected 12/27/2021 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: Flash Array + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 5.3.x + - 6.0.x + - 6.1.x + - 6.2.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: Patch expected 12/20/2021 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: FlashBlade + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 3.1.x + - 3.2.x + - 3.3.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: Patch expected 12/24/2021 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: PortWorx + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2.8.0+ + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: Pure1 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - N/A + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pyramid Analytics + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.pyramidanalytics.com/t/83hjjt4/log4j-security-vulnerability-pyramid + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_Q.yml b/data/cisagov_Q.yml index a51cbb4..7062f16 100644 --- a/data/cisagov_Q.yml +++ b/data/cisagov_Q.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Qlik product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: QMATIC product: Appointment Booking cves: @@ -210,7 +210,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: QOPPA product: '' cves: @@ -239,7 +239,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: QSC Q-SYS product: '' cves: @@ -268,7 +268,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: QT product: '' cves: @@ -297,7 +297,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Quest Global product: '' cves: @@ -326,5 +326,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_R.yml b/data/cisagov_R.yml index a8df413..ab52902 100644 --- a/data/cisagov_R.yml +++ b/data/cisagov_R.yml @@ -4,6 +4,2861 @@ owners: - name: cisagov url: https://github.com/cisagov/log4j-affected-db software: + - vendor: R + product: R + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 4.1.1 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.r-project.org/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: R2ediviewer + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://r2ediviewer.de/DE/reload.html?Change-log_17858584.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Radware + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.radware.com/app/answers/answer_view/a_id/1029752 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rapid7 + product: AlcidekArt, kAdvisor, and kAudit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: AppSpider Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: AppSpider Pro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Insight Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightAppSec Scan Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightAppSec Scan Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightCloudSec/DivvyCloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightConnect Orchestrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightIDR Network Sensor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightIDR/InsightOps Collector & Event Sources + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightOps DataHub + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - InsightOps DataHub <= 2.0 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Upgrade [DataHub to version 2.0.1](https://rep.logentries.com/datahub/DataHub_2.0.1.deb) + using the [following instructions](https://docs.rapid7.com/insightops/setting-up-datahub/). + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightOps non-Java logging libraries + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightOps r7insight_java logging library + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - <=3.0.8 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Upgrade [r7insight_java](https://github.com/rapid7/r7insight_java) to 3.0.9 + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM Kubernetes Monitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM/Nexpose + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM/Nexpose Console + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” + packaged in them. This is a different library than log4j-core and is not vulnerable + to Log4Shell. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM/Nexpose Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” + packaged in them. This is a different library than log4j-core and is not vulnerable + to Log4Shell. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: IntSights virtual appliance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Logentries DataHub + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Linux version <= 1.2.0.820; Windows version <= 1.2.0.820 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: 'Linux: Install DataHub_1.2.0.822.deb using the following [instructions](https://docs.logentries.com/docs/datahub-linux). + Windows: Run version 1.2.0.822 in a Docker container or as a Java command per + these [instructions](https://docs.logentries.com/docs/datahub-windows). You + can find more details [here](https://docs.logentries.com/docs/datahub-linux).' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Logentries le_java logging library + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'All versions: this is a deprecated component' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Migrate to version 3.0.9 of [r7insight_java](https://github.com/rapid7/r7insight_java) + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Metasploit Framework + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Metasploit Pro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Metasploit Pro ships with log4j but has specific configurations applied + to it that mitigate Log4Shell. A future update will contain a fully patched + version of log4j. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: tCell Java Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Velociraptor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - on-prem + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Raritan + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.raritan.com/support + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ravelin + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://syslog.ravelin.com/log4shell-cve-2021-44228-4338bb8da67b + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Real-Time Innovations (RTI) + product: Distributed Logger + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: Recording Console + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Administration Console + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Code Generator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Code Generator Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Micro Application Generator (MAG) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - as part of RTI Connext Micro 3.0.0 + - 3.0.1 + - 3.0.2 + - 3.0.3 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Micro Application Generator (MAG) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - as part of RTI Connext Professional 6.0.0 and 6.0.1 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Monitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Red Hat + product: log4j-core + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Integration Camel K + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5130](https://access.redhat.com/errata/RHSA-2021:5130)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat build of Quarkus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat CodeReady Studio + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 12.21.0 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[CRS 12.21.1 Patch](https://developers.redhat.com/products/codeready-studio/download?source=sso)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Data Grid + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '8' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5132](http://access.redhat.com/errata/RHSA-2021:5132)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Decision Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '7' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Enterprise Linux + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '6' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Enterprise Linux + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '7' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Enterprise Linux + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '8' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Integration Camel Quarkus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5126](https://access.redhat.com/errata/RHSA-2021:5126)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss A-MQ Streaming + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5138](https://access.redhat.com/errata/RHSA-2021:5138)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss Enterprise Application Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: "[Maven Patch](https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.4)\ + \ - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't\ + \ affected." + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss Enterprise Application Platform Expansion Pack + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '7' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss Fuse + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5134](https://access.redhat.com/errata/RHSA-2021:5134)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Process Automation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: "[Maven Patch](https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=103671&product=rhpam&version=7.11.1&downloadType=patches)\ + \ - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't\ + \ affected." + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Single Sign-On + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '7' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Vert.X + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '4' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5093](https://access.redhat.com/errata/RHSA-2021:5093)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Satellite 5 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Spacewalk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 3.11 + product: openshift3/ose-logging-elasticsearch5 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5094](http://access.redhat.com/errata/RHSA-2021:5094)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 4 + product: openshift4/ose-logging-elasticsearch6 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 4 + product: openshift4/ose-metering-hive + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 4 + product: openshift4/ose-metering-presto + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Logging + product: logging-elasticsearch6-container + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenStack Platform 13 (Queens) + product: opendaylight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: End of Life + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat Software Collections + product: rh-java-common-log4j + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat Software Collections + product: rh-maven35-log4j12 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat Software Collections + product: rh-maven36-log4j12 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red5Pro + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RedGate + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.red-gate.com/privacy-and-security/vulnerabilities/2021-12-15-log4j-statement + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Redis + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://redis.com/security/notice-apache-log4j2-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Reiner SCT + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.reiner-sct.com/index.php?/topic/5973-timecard-und-log4j-schwachstelle/&do=findComment&comment=14933 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ReportURI + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://scotthelme.co.uk/responding-to-the-log4j-2-vulnerability/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ResMed + product: AirView + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.resmed.com/en-us/security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: ResMed + product: myAir + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.resmed.com/en-us/security/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Respondus + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.respondus.com/support/index.php?/News/NewsItem/View/339 + notes: This advisory is available to customers only and has not been reviewed + by CISA + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Revenera / Flexera + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ricoh + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ricoh.com/info/2021/1215_1/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RingCentral + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ringcentral.com/trust-center/security-bulletin.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Riverbed + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://supportkb.riverbed.com/support/index?page=content&id=S35645 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rockwell Automation + product: FactoryTalk Analytics DataFlowML + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 4.00.00 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: FactoryTalk Analytics DataView + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 3.03.00 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: Industrial Data Center + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Gen 1 + - Gen 2 + - Gen 3 + - Gen 3.5 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: MES EIG + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 3.03.00 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: Customers should upgrade to EIG Hub if possible or work with their local + representatives about alternative solutions. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: VersaVirtual + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Series A + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: Warehouse Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 4.01.00 + - 4.02.00 + - 4.02.01 + - 4.02.02 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Rollbar + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rollbar.com/blog/log4j-zero-day-2021-log4shell/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rosette.com + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.rosette.com/hc/en-us/articles/4416216525965-Log4j-Vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Authentication Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Authentication Manager Prime + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Authentication Manager WebTier + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Governance and Lifecycle + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Governance and Lifecycle Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Identity Router + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA Netwitness + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.rsa.com/t5/netwitness-platform-product/netwitness-apache-vulnerability-log4j2-cve-2021-44228-nbsp/ta-p/660540 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rstudioapi + product: Rstudioapi + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '0.13' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/rstudio/rstudioapi + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Rubrik + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.rubrik.com/s/announcementdetail?Id=a406f000001PwOcAAK + notes: This advisory is available to customers only and has not been reviewed + by CISA + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ruckus + product: Virtual SmartZone (vSZ) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 5.1 to 6.0 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ruckuswireless.com/security_bulletins/313 + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: RunDeck by PagerDuty + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.rundeck.com/docs/history/CVEs/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Runecast product: Runecast Analyzer cves: @@ -33,5 +2888,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_S.yml b/data/cisagov_S.yml index fa14507..6df8757 100644 --- a/data/cisagov_S.yml +++ b/data/cisagov_S.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SAFE FME Server product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SAGE product: '' cves: @@ -90,7 +90,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SailPoint product: '' cves: @@ -120,7 +120,7 @@ software: by CISA references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Salesforce product: Analytics Cloud cves: @@ -1093,7 +1093,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SAP product: '' cves: @@ -1212,7 +1212,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SASSAFRAS product: '' cves: @@ -1241,7 +1241,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Savignano software solutions product: '' cves: @@ -1270,7 +1270,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SBT product: SBT cves: @@ -1330,7 +1330,7 @@ software: by CISA references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ScaleFusion MobileLock Pro product: '' cves: @@ -1359,7 +1359,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Schneider Electric product: EASYFIT cves: @@ -2105,7 +2105,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ScreenBeam product: '' cves: @@ -2134,7 +2134,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SDL worldServer product: '' cves: @@ -2163,7 +2163,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Seagull Scientific product: '' cves: @@ -2192,7 +2192,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SecurePoint product: '' cves: @@ -2221,7 +2221,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Security Onion product: '' cves: @@ -2250,7 +2250,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Securonix product: Extended Detection and Response (XDR) cves: @@ -2429,7 +2429,7 @@ software: by CISA. references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SentinelOne product: '' cves: @@ -2458,7 +2458,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sentry product: '' cves: @@ -2487,7 +2487,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SEP product: '' cves: @@ -2516,7 +2516,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Server Eye product: '' cves: @@ -2545,7 +2545,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ServiceNow product: '' cves: @@ -2574,7 +2574,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Shibboleth product: '' cves: @@ -2603,7 +2603,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Shibboleth product: All Products cves: @@ -2663,7 +2663,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Siebel product: '' cves: @@ -2692,7 +2692,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Siemens product: Affected Products cves: @@ -3899,7 +3899,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sierra Wireless product: AirVantage and Octave cloud platforms cves: @@ -3987,7 +3987,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Silver Peak product: Orchestrator, Silver Peak GMS cves: @@ -4049,7 +4049,7 @@ software: by CISA references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SISCO product: '' cves: @@ -4107,7 +4107,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Skillable product: '' cves: @@ -4136,7 +4136,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SLF4J product: '' cves: @@ -4165,7 +4165,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Slurm product: Slurm cves: @@ -4253,7 +4253,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SmileCDR product: '' cves: @@ -4282,7 +4282,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sn0m product: '' cves: @@ -4311,7 +4311,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Snakemake product: Snakemake cves: @@ -4371,7 +4371,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Snow Software product: VM Access Proxy cves: @@ -4401,7 +4401,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Snowflake product: '' cves: @@ -4430,7 +4430,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Snyk product: Cloud Platform cves: @@ -4459,7 +4459,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Software AG product: '' cves: @@ -4488,7 +4488,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SolarWinds product: Database Performance Analyzer (DPA) cves: @@ -4609,7 +4609,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sonatype product: All Products cves: @@ -5551,7 +5551,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Spacelabs Healthcare product: ABP cves: @@ -6149,7 +6149,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Spigot product: '' cves: @@ -6178,7 +6178,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Splunk product: Data Stream Processor cves: @@ -6850,7 +6850,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Spring product: Spring Boot cves: @@ -6880,7 +6880,7 @@ software: switched the default logging system to Log4J2 references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Spring Boot product: '' cves: @@ -6909,7 +6909,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: StarDog product: '' cves: @@ -6938,7 +6938,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: STERIS product: Advantage cves: @@ -8475,7 +8475,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Storagement product: '' cves: @@ -8504,7 +8504,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: StormShield product: '' cves: @@ -8533,7 +8533,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: StrangeBee TheHive & Cortex product: '' cves: @@ -8562,7 +8562,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Stratodesk product: '' cves: @@ -8591,7 +8591,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Strimzi product: '' cves: @@ -8620,7 +8620,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Stripe product: '' cves: @@ -8649,7 +8649,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Styra product: '' cves: @@ -8678,7 +8678,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sumologic product: '' cves: @@ -8707,7 +8707,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SumoLogic product: '' cves: @@ -8736,7 +8736,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Superna EYEGLASS product: '' cves: @@ -8765,7 +8765,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Suprema Inc product: '' cves: @@ -8794,7 +8794,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SUSE product: '' cves: @@ -8823,7 +8823,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sweepwidget product: '' cves: @@ -8852,7 +8852,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Swyx product: '' cves: @@ -8881,7 +8881,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Synchro MSP product: '' cves: @@ -8910,7 +8910,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Syncplify product: '' cves: @@ -8939,7 +8939,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Synology product: '' cves: @@ -8968,7 +8968,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Synopsys product: '' cves: @@ -8997,7 +8997,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Syntevo product: '' cves: @@ -9026,7 +9026,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SysAid product: '' cves: @@ -9055,7 +9055,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sysdig product: '' cves: @@ -9084,5 +9084,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_T.yml b/data/cisagov_T.yml index de948b6..4b0134c 100644 --- a/data/cisagov_T.yml +++ b/data/cisagov_T.yml @@ -260,7 +260,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tanium product: All cves: @@ -319,7 +319,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: TeamPasswordManager product: '' cves: @@ -348,7 +348,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Teamviewer product: '' cves: @@ -377,7 +377,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tech Software product: OneAegis (f/k/a IRBManager) cves: @@ -496,7 +496,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Telestream product: '' cves: @@ -525,7 +525,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tenable product: Tenable.io / Nessus cves: @@ -555,7 +555,7 @@ software: to CVE-2021-44228 or CVE-2021-45046 at this time references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Thales product: CADP/SafeNet Protect App (PA) - JCE cves: @@ -2391,7 +2391,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ThycoticCentrify product: Account Lifecycle Manager cves: @@ -2690,7 +2690,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Top Gun Technology (TGT) product: '' cves: @@ -2719,7 +2719,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: TopDesk product: '' cves: @@ -2748,7 +2748,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Topicus Security product: Topicus KeyHub cves: @@ -2807,7 +2807,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tosibox product: '' cves: @@ -2836,7 +2836,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: TPLink product: Omega Controller cves: @@ -2897,7 +2897,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tricentis Tosca product: '' cves: @@ -2926,7 +2926,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tridium product: '' cves: @@ -3224,7 +3224,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: TrueNAS product: '' cves: @@ -3253,7 +3253,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tufin product: '' cves: @@ -3282,7 +3282,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: TYPO3 product: '' cves: @@ -3311,5 +3311,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_U.yml b/data/cisagov_U.yml index 0ce28f2..5a679fc 100644 --- a/data/cisagov_U.yml +++ b/data/cisagov_U.yml @@ -33,7 +33,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ubiquiti product: UniFi Network Controller cves: @@ -93,7 +93,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: UiPath product: InSights cves: @@ -152,7 +152,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: UniFlow product: '' cves: @@ -181,7 +181,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Unify ATOS product: '' cves: @@ -210,7 +210,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Unimus product: '' cves: @@ -239,7 +239,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: USSIGNAL MSP product: '' cves: @@ -268,5 +268,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_V.yml b/data/cisagov_V.yml index 9594d23..c3555b7 100644 --- a/data/cisagov_V.yml +++ b/data/cisagov_V.yml @@ -1233,7 +1233,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Varnish Software product: '' cves: @@ -1262,7 +1262,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Varonis product: '' cves: @@ -1291,7 +1291,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Veeam product: '' cves: @@ -1320,7 +1320,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Venafi product: '' cves: @@ -1349,7 +1349,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Veritas NetBackup product: '' cves: @@ -1378,7 +1378,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Vertica product: '' cves: @@ -1466,7 +1466,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: VMware product: API Portal for VMware Tanzu cves: diff --git a/data/cisagov_W.yml b/data/cisagov_W.yml index b1651d2..0781052 100644 --- a/data/cisagov_W.yml +++ b/data/cisagov_W.yml @@ -62,7 +62,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Wasp Barcode technologies product: '' cves: @@ -91,7 +91,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: WatchGuard product: Secplicity cves: @@ -120,7 +120,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Western Digital product: '' cves: @@ -149,7 +149,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: WIBU Systems product: CodeMeter Cloud Lite cves: @@ -238,7 +238,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: WireShark product: '' cves: @@ -267,7 +267,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Wistia product: '' cves: @@ -296,7 +296,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: WitFoo product: '' cves: @@ -325,7 +325,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: WordPress product: '' cves: @@ -354,7 +354,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Worksphere product: '' cves: @@ -383,7 +383,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Wowza product: '' cves: @@ -412,7 +412,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: WSO2 product: WSO2 Enterprise Integrator cves: @@ -442,5 +442,5 @@ software: notes: A temporary mitigation is available while vendor works on update references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_X.yml b/data/cisagov_X.yml index e2f18a2..b107a72 100644 --- a/data/cisagov_X.yml +++ b/data/cisagov_X.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: XenForo product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox product: '' cves: @@ -90,7 +90,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: XPertDoc product: '' cves: @@ -119,7 +119,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: XPLG product: '' cves: @@ -148,7 +148,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: XWIKI product: '' cves: @@ -177,7 +177,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xylem product: Aquatalk cves: diff --git a/data/cisagov_Y.yml b/data/cisagov_Y.yml index 982c73c..cc2fe73 100644 --- a/data/cisagov_Y.yml +++ b/data/cisagov_Y.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: YellowFin product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: YOKOGAWA product: '' cves: @@ -119,5 +119,5 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' ... diff --git a/data/cisagov_Z.yml b/data/cisagov_Z.yml index 5a92727..13f553c 100644 --- a/data/cisagov_Z.yml +++ b/data/cisagov_Z.yml @@ -32,7 +32,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ZAMMAD product: '' cves: @@ -61,7 +61,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zaproxy product: '' cves: @@ -90,7 +90,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zebra product: '' cves: @@ -119,7 +119,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zendesk product: All Products cves: @@ -180,7 +180,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zentera Systems, Inc. product: CoIP Access Platform cves: @@ -239,7 +239,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zesty product: '' cves: @@ -268,7 +268,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zimbra product: '' cves: @@ -297,7 +297,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zix product: '' cves: @@ -355,7 +355,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ZPE systems Inc product: '' cves: @@ -384,7 +384,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zscaler product: See Link (Multiple Products) cves: @@ -442,7 +442,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zyxel product: Security Firewall/Gateways cves: From aa4490c0611f381769d6857a8e79a14bee13fb5f Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Tue, 25 Jan 2022 18:56:22 +0000 Subject: [PATCH 039/268] Update the software list --- SOFTWARE-LIST.md | 191 +- data/cisagov.yml | 9831 ++++++++++++++++++++++++++++++++++++---------- 2 files changed, 7907 insertions(+), 2115 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 6a90bbf..fdf75df 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -1512,7 +1512,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | HPE | OfficeConnect | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | Primera Storage | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | RepoServer part of OPA (on Premises aggregator) | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | -| HPE | Resource Aggregator for Open Distributed Infrastructure Management | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | +| HPE | Resource Aggregator for Open Distributed Infrastructure Management | | | Not Affected | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | RESTful Interface Tool (iLOREST) | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | SAT (System Admin Toolkit) | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | HPE | Scripting Tools for Windows PowerShell (HPEiLOCmdlets) | | | Unknown | [link](https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00120086en_us) | Support Communication Cross Reference ID: SIK7387 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | @@ -2217,6 +2217,99 @@ NOTE: This file is automatically generated. To submit updates, please refer to | OxygenXML | Web Author | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | OxygenXML | WebHelp | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | PagerDuty | PagerDuty SaaS | | | Unknown | [link](https://support.pagerduty.com/docs/pagerduty-log4j-zero-day-vulnerability) | We currently see no evidence of compromises on our platform. Our teams continue to monitor for new developments and for impacts on sub-processors and dependent systems. PagerDuty SaaS customers do not need to take any additional action for their PagerDuty SaaS environment | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Palantir | Palantir AI Inference Platform (AIP) | | All | Fixed | [link](https://www.palantir.com/security-advisories/log4j-vulnerability/) | Fully remediated as of 1.97.0. Disconnected customer instances may require manual updates. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Palantir | Palantir Apollo | | | Not Affected | [link](https://www.palantir.com/security-advisories/log4j-vulnerability/) | No impact, and updates have been deployed for full remediation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Palantir | Palantir Foundry | | All | Fixed | [link](https://www.palantir.com/security-advisories/log4j-vulnerability/) | No impact to Palantir-hosted or Apollo-connected instances, and updates have been deployed for full remediation. Disconnected customer instances may require manual updates. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Palantir | Palantir Gotham | | All | Fixed | [link](https://www.palantir.com/security-advisories/log4j-vulnerability/) | No impact to Palantir-hosted or Apollo-connected instances, and updates have been deployed for full remediation. Disconnected customer instances may require manual updates. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Palo-Alto Networks | Bridgecrew | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | CloudGenix | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Cortex Data Lake | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Cortex XDR Agent | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Cortex Xpanse | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Cortex XSOAR | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Expedition | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | GlobalProtect App | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | IoT Security | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Okyo Grade | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Palo-Alto Networks-OS for Firewall and Wildfire | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Palo-Alto Networks-OS for Panorama | 9.0, 9.1, 10.0 | | Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | Upgrade Panorama to PAN-OS 10.1 to remediate this issue. This advisory will be updated when hot fixes for the affected Panorama versions are available. PAN-OS for Panorama versions 8.1, 10.1 are not affected. | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Palo-Alto Networks | Prisma Access | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Prisma Cloud | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Prisma Cloud Compute | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | SaaS Security | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | User-ID Agent | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | WildFire Appliance | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | WildFire Cloud | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Panopto | | | | Unknown | [link](https://support.panopto.com/s/article/Panopto-Statement-on-the-Log4j2-Zero-Day-Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PaperCut | PaperCut MF | 21.0 and later | | Affected | [link](https://www.papercut.com/support/known-issues/?id=PO-684#ng) | Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted by this. Workaround manual steps available in reference. Upgrade to PaperCut NG/MF version 21.2.3 Now Available to resolve. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| PaperCut | PaperCut NG | 21.0 and later | | Affected | [link](https://www.papercut.com/support/known-issues/?id=PO-684#ng) | Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted by this. Workaround manual steps available in reference. Upgrade to PaperCut NG/MF version 21.2.3 Now Available to resolve. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Parallels | | | | Unknown | [link](https://kb.parallels.com/en/128696) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Parse.ly | | | | Unknown | [link](https://blog.parse.ly/parse-ly-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PBXMonitor | RMM for 3CX PBX | | | Unknown | [link](https://www.pbxmonitor.net/changelog.php) | Mirror Servers were also checked to ensure Log4J was not installed or being used by any of our systems. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Pega | | | | Unknown | [link](https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pentaho | | | | Unknown | [link](https://support.pentaho.com/hc/en-us/articles/4416229254541-log4j-2-zero-day-vulnerability-No-impact-to-supported-versions-of-Pentaho-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pepperl+Fuchs | | | | Unknown | [link](https://www.pepperl-fuchs.com/global/en/29079.htm) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Percona | | | | Unknown | [link](https://www.percona.com/blog/log4jshell-vulnerability-update/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pexip | | | | Unknown | [link](https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Phenix Id | | | | Unknown | [link](https://support.phenixid.se/uncategorized/log4j-fix/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Philips | Multiple products | | | Unknown | [link](https://www.philips.com/a-w/security/security-advisories.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PHOENIX CONTACT | Cloud Services | | | Unknown | [link](https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf) | Partly affected. Remediations are being implemented. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| PHOENIX CONTACT | Physical products containing firmware | | | Unknown | [link](https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| PHOENIX CONTACT | Software Products | | | Unknown | [link](https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Ping Identity | PingAccess | 4.0 <= version <= 6.3.2 | | Affected | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Ping Identity | PingCentral | | | Unknown | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Ping Identity | PingFederate | 8.0 <= version <= 10.3.4 | | Affected | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Ping Identity | PingFederate Java Integration Kit | < 2.7.2 | | Affected | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Ping Identity | PingFederate OAuth Playground | < 4.3.1 | | Affected | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Ping Identity | PingIntelligence | | | Unknown | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Pitney Bowes | | | | Unknown | [link](https://www.pitneybowes.com/us/support/apache-log4j-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Planmeca | | | | Unknown | [link](https://www.planmeca.com/apache-log4j-vulnerability-in-planmeca-products/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Planon Software | | | | Unknown | [link](https://my.planonsoftware.com/uk/news/log4j-impact-on-planon/) | This advisory is available for customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Platform.SH | | | | Unknown | [link](https://platform.sh/blog/2021/platformsh-protects-from-apache-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Plesk | | | | Unknown | [link](https://support.plesk.com/hc/en-us/articles/4412182812818-CVE-2021-44228-vulnerability-in-log4j-package-of-Apache) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Plex | Plex Industrial IoT | | | Unknown | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | The product has been updated to Log4j version 2.15. An additional patch is being developed to update to 2.16. No user interaction is required. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Polycom | | | | Unknown | [link](https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Portainer | | | | Unknown | [link](https://www.portainer.io/blog/portainer-statement-re-log4j-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PortSwigger | | | | Unknown | [link](https://forum.portswigger.net/thread/are-burp-collaborator-or-burp-enterprise-vulnerable-to-log4j-dc6524e0) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PostGreSQL | | | | Unknown | [link](https://www.postgresql.org/about/news/postgresql-jdbc-and-the-log4j-cve-2371/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Postman | | | | Unknown | [link](https://support.postman.com/hc/en-us/articles/4415791933335-Is-Postman-impacted-by-the-Log4j-vulnerability-CVE-2021-44228-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Power Admin LLC | PA File Sight | | | Not Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Power Admin LLC | PA Server Monitor | | | Not Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Power Admin LLC | PA Storage Monitor | | | Not Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Pretix | | | | Unknown | [link](https://pretix.eu/about/de/blog/20211213-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PrimeKey | | | | Unknown | [link](https://support.primekey.com/news/posts/information-about-primekey-products-and-log4j-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Progress / IpSwitch | | | | Unknown | [link](https://www.progress.com/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ProofPoint | | | | Unknown | [link](https://proofpointcommunities.force.com/community/s/article/Proofpoint-Statement-Regarding-CVE-2021-44228-Java-logging-package-log4j2) | This advisory is available for customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ProSeS | | | | Unknown | [link](https://www.proses.de/en/2021/12/16/log4shell-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Prosys | | | | Unknown | [link](https://prosysopc.com/news/important-security-release/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Proxmox | | | | Unknown | [link](https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PRTG Paessler | | | | Unknown | [link](https://kb.paessler.com/en/topic/90213-is-prtg-affected-by-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTC | Axeda Platform | 6.9.2 | | Affected | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ThingsWorx Analytics | 8.5, 9.0, 9.1, 9.2, All supported versions | | Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ThingsWorx Platform | 8.5, 9.0, 9.1, 9.2, All supported versions | | Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTV Group | | | | Unknown | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Ivanti Connect Secure (ICS) | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Ivanti Neurons for secure Access | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Ivanti Neurons for secure Access | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Ivanti Neurons for ZTA | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Ivanti Neurons for ZTA | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse Connect Secure | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse Desktop Client | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse Mobile Client | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse One | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse Policy Secure | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse Secure Services Director | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse Secure Virtual Traffic Manager | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse Secure Web Application Firewall | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse ZTA | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Puppet | | | | Unknown | [link](https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pure Storage | | | | Unknown | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22)) | This advisory is available for customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pure Storage | Cloud Blockstore | CBS6.1.x, CBS6.2.x | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | Patch expected 12/27/2021 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Pure Storage | Flash Array | 5.3.x, 6.0.x, 6.1.x, 6.2.x | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | Patch expected 12/20/2021 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Pure Storage | FlashBlade | 3.1.x, 3.2.x, 3.3.x | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | Patch expected 12/24/2021 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Pure Storage | PortWorx | 2.8.0+ | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Pure Storage | Pure1 | | N/A | Fixed | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Pyramid Analytics | | | | Unknown | [link](https://community.pyramidanalytics.com/t/83hjjt4/log4j-security-vulnerability-pyramid) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | QF-Test | | | | Unknown | [link](https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Qlik | | | | Unknown | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | QMATIC | Appointment Booking | 2.4+ | | Affected | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | Update to v. 2.8.2 which contains log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | @@ -2228,6 +2321,102 @@ NOTE: This file is automatically generated. To submit updates, please refer to | QSC Q-SYS | | | | Unknown | [link](https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | QT | | | | Unknown | [link](https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Quest Global | | | | Unknown | [link](https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| R | R | | | Not Affected | [link](https://www.r-project.org/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| R2ediviewer | | | | Unknown | [link](https://r2ediviewer.de/DE/reload.html?Change-log_17858584.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Radware | | | | Unknown | [link](https://support.radware.com/app/answers/answer_view/a_id/1029752) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Rapid7 | AlcidekArt, kAdvisor, and kAudit | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | AppSpider Enterprise | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | AppSpider Pro | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | Insight Agent | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightAppSec Scan Engine | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightAppSec Scan Engine | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightCloudSec/DivvyCloud | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightConnect Orchestrator | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightIDR Network Sensor | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightIDR/InsightOps Collector & Event Sources | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightOps DataHub | InsightOps DataHub <= 2.0 | | Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | Upgrade [DataHub to version 2.0.1](https://rep.logentries.com/datahub/DataHub_2.0.1.deb) using the [following instructions](https://docs.rapid7.com/insightops/setting-up-datahub/). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightOps non-Java logging libraries | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightOps r7insight_java logging library | <=3.0.8 | | Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | Upgrade [r7insight_java](https://github.com/rapid7/r7insight_java) to 3.0.9 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightVM Kubernetes Monitor | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightVM/Nexpose | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightVM/Nexpose Console | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” packaged in them. This is a different library than log4j-core and is not vulnerable to Log4Shell. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | InsightVM/Nexpose Engine | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” packaged in them. This is a different library than log4j-core and is not vulnerable to Log4Shell. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | IntSights virtual appliance | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | Logentries DataHub | Linux version <= 1.2.0.820; Windows version <= 1.2.0.820 | | Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | Linux: Install DataHub_1.2.0.822.deb using the following [instructions](https://docs.logentries.com/docs/datahub-linux). Windows: Run version 1.2.0.822 in a Docker container or as a Java command per these [instructions](https://docs.logentries.com/docs/datahub-windows). You can find more details [here](https://docs.logentries.com/docs/datahub-linux). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | Logentries le_java logging library | All versions: this is a deprecated component | | Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | Migrate to version 3.0.9 of [r7insight_java](https://github.com/rapid7/r7insight_java) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | Metasploit Framework | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | Metasploit Pro | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | Metasploit Pro ships with log4j but has specific configurations applied to it that mitigate Log4Shell. A future update will contain a fully patched version of log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | tCell Java Agent | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rapid7 | Velociraptor | | | Not Affected | [link](https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Raritan | | | | Unknown | [link](https://www.raritan.com/support) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ravelin | | | | Unknown | [link](https://syslog.ravelin.com/log4shell-cve-2021-44228-4338bb8da67b) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Real-Time Innovations (RTI) | Distributed Logger | | | Unknown | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Real-Time Innovations (RTI) | Recording Console | | | Unknown | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Real-Time Innovations (RTI) | RTI Administration Console | | | Unknown | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Real-Time Innovations (RTI) | RTI Code Generator | | | Unknown | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Real-Time Innovations (RTI) | RTI Code Generator Server | | | Unknown | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Real-Time Innovations (RTI) | RTI Micro Application Generator (MAG) | as part of RTI Connext Micro 3.0.0, 3.0.1, 3.0.2, 3.0.3 | | Affected | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Real-Time Innovations (RTI) | RTI Micro Application Generator (MAG) | as part of RTI Connext Professional 6.0.0 and 6.0.1 | | Affected | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Real-Time Innovations (RTI) | RTI Monitor | | | Unknown | [link](https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Red Hat | log4j-core | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat Integration Camel K | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5130](https://access.redhat.com/errata/RHSA-2021:5130) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat build of Quarkus | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Red Hat | Red Hat CodeReady Studio | | 12.21.0 | Fixed | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [CRS 12.21.1 Patch](https://developers.redhat.com/products/codeready-studio/download?source=sso) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat Data Grid | | 8 | Fixed | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5132](http://access.redhat.com/errata/RHSA-2021:5132) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat Decision Manager | | | Not Affected | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Red Hat | Red Hat Enterprise Linux | | | Not Affected | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Red Hat | Red Hat Enterprise Linux | | | Not Affected | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Red Hat | Red Hat Enterprise Linux | | | Not Affected | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Red Hat | Red Hat Integration Camel Quarkus | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5126](https://access.redhat.com/errata/RHSA-2021:5126) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat JBoss A-MQ Streaming | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5138](https://access.redhat.com/errata/RHSA-2021:5138) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat JBoss Enterprise Application Platform | | 7 | Fixed | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [Maven Patch](https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.4) - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | | | Not Affected | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Red Hat | Red Hat JBoss Fuse | | 7 | Fixed | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5134](https://access.redhat.com/errata/RHSA-2021:5134) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat Process Automation | | 7 | Fixed | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [Maven Patch](https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=103671&product=rhpam&version=7.11.1&downloadType=patches) - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat Single Sign-On | | | Not Affected | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Red Hat Vert.X | | 4 | Fixed | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5093](https://access.redhat.com/errata/RHSA-2021:5093) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Satellite 5 | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat | Spacewalk | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat OpenShift Container Platform 3.11 | openshift3/ose-logging-elasticsearch5 | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | [RHSA-2021:5094](http://access.redhat.com/errata/RHSA-2021:5094) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat OpenShift Container Platform 4 | openshift4/ose-logging-elasticsearch6 | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | Please refer to Red Hat Customer Portal to find the right errata for your version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat OpenShift Container Platform 4 | openshift4/ose-metering-hive | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | Please refer to Red Hat Customer Portal to find the right errata for your version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat OpenShift Container Platform 4 | openshift4/ose-metering-presto | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | Please refer to Red Hat Customer Portal to find the right errata for your version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat OpenShift Logging | logging-elasticsearch6-container | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | Please refer to Red Hat Customer Portal to find the right errata for your version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat OpenStack Platform 13 (Queens) | opendaylight | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | End of Life | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat Software Collections | rh-java-common-log4j | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat Software Collections | rh-maven35-log4j12 | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red Hat Software Collections | rh-maven36-log4j12 | | | Unknown | [link](https://access.redhat.com/security/cve/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Red5Pro | | | | Unknown | [link](https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| RedGate | | | | Unknown | [link](https://www.red-gate.com/privacy-and-security/vulnerabilities/2021-12-15-log4j-statement) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Redis | | | | Unknown | [link](https://redis.com/security/notice-apache-log4j2-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Reiner SCT | | | | Unknown | [link](https://forum.reiner-sct.com/index.php?/topic/5973-timecard-und-log4j-schwachstelle/&do=findComment&comment=14933) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ReportURI | | | | Unknown | [link](https://scotthelme.co.uk/responding-to-the-log4j-2-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ResMed | AirView | | | Unknown | [link](https://www.resmed.com/en-us/security/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| ResMed | myAir | | | Unknown | [link](https://www.resmed.com/en-us/security/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Respondus | | | | Unknown | [link](https://support.respondus.com/support/index.php?/News/NewsItem/View/339) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Revenera / Flexera | | | | Unknown | [link](https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ricoh | | | | Unknown | [link](https://www.ricoh.com/info/2021/1215_1/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| RingCentral | | | | Unknown | [link](https://www.ringcentral.com/trust-center/security-bulletin.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Riverbed | | | | Unknown | [link](https://supportkb.riverbed.com/support/index?page=content&id=S35645) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Rockwell Automation | FactoryTalk Analytics DataFlowML | 4.00.00 | | Affected | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rockwell Automation | FactoryTalk Analytics DataView | 3.03.00 | | Affected | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rockwell Automation | Industrial Data Center | | Gen 1, Gen 2, Gen 3, Gen 3.5 | Fixed | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rockwell Automation | MES EIG | 3.03.00 | | Affected | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | Customers should upgrade to EIG Hub if possible or work with their local representatives about alternative solutions. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rockwell Automation | VersaVirtual | | Series A | Fixed | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rockwell Automation | Warehouse Management | 4.01.00, 4.02.00, 4.02.01, 4.02.02 | | Affected | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Rollbar | | | | Unknown | [link](https://rollbar.com/blog/log4j-zero-day-2021-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Rosette.com | | | | Unknown | [link](https://support.rosette.com/hc/en-us/articles/4416216525965-Log4j-Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| RSA | SecurID Authentication Manager | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| RSA | SecurID Authentication Manager Prime | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| RSA | SecurID Authentication Manager WebTier | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| RSA | SecurID Governance and Lifecycle | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| RSA | SecurID Governance and Lifecycle Cloud | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| RSA | SecurID Identity Router | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| RSA Netwitness | | | | Unknown | [link](https://community.rsa.com/t5/netwitness-platform-product/netwitness-apache-vulnerability-log4j2-cve-2021-44228-nbsp/ta-p/660540) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Rstudioapi | Rstudioapi | | | Not Affected | [link](https://github.com/rstudio/rstudioapi) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Rubrik | | | | Unknown | [link](https://support.rubrik.com/s/announcementdetail?Id=a406f000001PwOcAAK) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ruckus | Virtual SmartZone (vSZ) | 5.1 to 6.0 | | Affected | [link](https://support.ruckuswireless.com/security_bulletins/313) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| RunDeck by PagerDuty | | | | Unknown | [link](https://docs.rundeck.com/docs/history/CVEs/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Runecast | Runecast Analyzer | | 6.0.3 | Fixed | [link](https://www.runecast.com/release-notes) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | SAE-IT | | | | Unknown | [link](https://www.sae-it.com/nc/de/news/sicherheitsmeldungen.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | SAFE FME Server | | | | Unknown | [link](https://community.safe.com/s/article/Is-FME-Server-Affected-by-the-Security-Vulnerability-Reported-Against-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 972d02e..b0f11e7 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -9266,7 +9266,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: Symantec Protection Engine (SPE) cves: @@ -9295,7 +9295,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: Symantec Protection for SharePoint Servers (SPSS) cves: @@ -9324,7 +9324,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: VIP cves: @@ -9353,7 +9353,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: VIP Authentication Hub cves: @@ -9382,7 +9382,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: Web Isolation (WI) cves: @@ -9411,7 +9411,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: Web Security Service (WSS) cves: @@ -9440,7 +9440,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Broadcom product: WebPulse cves: @@ -9469,7 +9469,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: C4b XPHONE product: '' cves: @@ -9498,7 +9498,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Campbell Scientific product: All cves: @@ -9556,7 +9556,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Canary Labs product: All cves: @@ -9874,7 +9874,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Carestream product: '' cves: @@ -9932,7 +9932,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CAS genesisWorld product: '' cves: @@ -9961,7 +9961,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cato Networks product: '' cves: @@ -9990,7 +9990,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cepheid product: C360 cves: @@ -10077,7 +10077,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Chaser Systems product: discrimiNAT Firewall cves: @@ -10107,7 +10107,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: CloudGuard cves: @@ -10137,7 +10137,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: Harmony Endpoint & Harmony Mobile cves: @@ -10167,7 +10167,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: Infinity Portal cves: @@ -10196,7 +10196,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: Quantum Security Gateway cves: @@ -10226,7 +10226,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: Quantum Security Management cves: @@ -10257,7 +10257,7 @@ software: this attack by default. references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: SMB cves: @@ -10287,7 +10287,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Check Point product: ThreatCloud cves: @@ -10316,7 +10316,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CheckMK product: '' cves: @@ -10345,7 +10345,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ciphermail product: '' cves: @@ -10374,7 +10374,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CircleCI product: CircleCI cves: @@ -10432,7 +10432,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: AppDynamics cves: @@ -10461,7 +10461,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco ACI Multi-Site Orchestrator cves: @@ -10490,7 +10490,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco ACI Virtual Edge cves: @@ -10519,7 +10519,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Adaptive Security Appliance (ASA) Software cves: @@ -10548,7 +10548,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Advanced Web Security Reporting Application cves: @@ -10577,7 +10577,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco AMP Virtual Private Cloud Appliance cves: @@ -10606,7 +10606,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco AnyConnect Secure Mobility Client cves: @@ -10635,7 +10635,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Application Policy Infrastructure Controller (APIC) cves: @@ -10664,7 +10664,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco ASR 5000 Series Routers cves: @@ -10693,7 +10693,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Broadcloud Calling cves: @@ -10722,7 +10722,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco BroadWorks cves: @@ -10751,7 +10751,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Catalyst 9800 Series Wireless Controllers cves: @@ -10780,7 +10780,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco CloudCenter Suite Admin cves: @@ -10809,7 +10809,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco CloudCenter Workload Manager cves: @@ -10838,7 +10838,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Cognitive Intelligence cves: @@ -10867,7 +10867,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Common Services Platform Collector cves: @@ -10896,7 +10896,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Computer Telephony Integration Object Server (CTIOS) cves: @@ -10925,7 +10925,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Connected Grid Device Manager cves: @@ -10954,7 +10954,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Connected Mobile Experiences cves: @@ -10983,7 +10983,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Connectivity cves: @@ -11012,7 +11012,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Contact Center Domain Manager (CCDM) cves: @@ -11041,7 +11041,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Contact Center Management Portal (CCMP) cves: @@ -11070,7 +11070,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Crosswork Change Automation cves: @@ -11099,7 +11099,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco CX Cloud Agent Software cves: @@ -11128,7 +11128,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Data Center Network Manager (DCNM) cves: @@ -11157,7 +11157,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Defense Orchestrator cves: @@ -11186,7 +11186,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco DNA Assurance cves: @@ -11215,7 +11215,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco DNA Center cves: @@ -11244,7 +11244,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco DNA Spaces cves: @@ -11273,7 +11273,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Elastic Services Controller (ESC) cves: @@ -11302,7 +11302,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Emergency Responder cves: @@ -11331,7 +11331,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Enterprise Chat and Email cves: @@ -11360,7 +11360,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Enterprise NFV Infrastructure Software (NFVIS) cves: @@ -11389,7 +11389,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Evolved Programmable Network Manager cves: @@ -11418,7 +11418,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Extensible Network Controller (XNC) cves: @@ -11447,7 +11447,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Finesse cves: @@ -11476,7 +11476,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Firepower Management Center cves: @@ -11505,7 +11505,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Firepower Threat Defense (FTD) cves: @@ -11534,7 +11534,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco GGSN Gateway GPRS Support Node cves: @@ -11563,7 +11563,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco HyperFlex System cves: @@ -11592,7 +11592,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Identity Services Engine (ISE) cves: @@ -11621,7 +11621,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Integrated Management Controller (IMC) Supervisor cves: @@ -11650,7 +11650,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Intersight cves: @@ -11679,7 +11679,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Intersight Virtual Appliance cves: @@ -11708,7 +11708,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco IOS and IOS XE Software cves: @@ -11737,7 +11737,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco IoT Field Network Director (formerly Cisco Connected Grid Network Management System) @@ -11767,7 +11767,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco IoT Operations Dashboard cves: @@ -11796,7 +11796,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco IOx Fog Director cves: @@ -11825,7 +11825,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco IP Services Gateway (IPSG) cves: @@ -11854,7 +11854,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Kinetic for Cities cves: @@ -11883,7 +11883,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco MDS 9000 Series Multilayer Switches cves: @@ -11912,7 +11912,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Meeting Server cves: @@ -11941,7 +11941,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco MME Mobility Management Entity cves: @@ -11970,7 +11970,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Modeling Labs cves: @@ -11999,7 +11999,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Network Assessment (CNA) Tool cves: @@ -12028,7 +12028,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Network Assurance Engine cves: @@ -12057,7 +12057,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Network Convergence System 2000 Series cves: @@ -12086,7 +12086,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Network Planner cves: @@ -12115,7 +12115,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Network Services Orchestrator (NSO) cves: @@ -12144,7 +12144,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus 5500 Platform Switches cves: @@ -12173,7 +12173,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus 5600 Platform Switches cves: @@ -12202,7 +12202,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus 6000 Series Switches cves: @@ -12231,7 +12231,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus 7000 Series Switches cves: @@ -12260,7 +12260,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode @@ -12290,7 +12290,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus Dashboard (formerly Cisco Application Services Engine) cves: @@ -12319,7 +12319,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus Data Broker cves: @@ -12348,7 +12348,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Nexus Insights cves: @@ -12377,7 +12377,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Optical Network Planner cves: @@ -12406,7 +12406,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Packaged Contact Center Enterprise cves: @@ -12435,7 +12435,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Paging Server cves: @@ -12464,7 +12464,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Paging Server (InformaCast) cves: @@ -12493,7 +12493,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco PDSN/HA Packet Data Serving Node and Home Agent cves: @@ -12522,7 +12522,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco PGW Packet Data Network Gateway cves: @@ -12551,7 +12551,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Policy Suite cves: @@ -12580,7 +12580,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Central for Service Providers cves: @@ -12609,7 +12609,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Collaboration Manager cves: @@ -12638,7 +12638,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Collaboration Provisioning cves: @@ -12667,7 +12667,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Infrastructure cves: @@ -12696,7 +12696,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime License Manager cves: @@ -12725,7 +12725,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Network cves: @@ -12754,7 +12754,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Optical for Service Providers cves: @@ -12783,7 +12783,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Provisioning cves: @@ -12812,7 +12812,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Prime Service Catalog cves: @@ -12841,7 +12841,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Registered Envelope Service cves: @@ -12870,7 +12870,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SD-WAN vEdge 1000 Series Routers cves: @@ -12899,7 +12899,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SD-WAN vEdge 2000 Series Routers cves: @@ -12928,7 +12928,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SD-WAN vEdge 5000 Series Routers cves: @@ -12957,7 +12957,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SD-WAN vEdge Cloud Router Platform cves: @@ -12986,7 +12986,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SD-WAN vManage cves: @@ -13015,7 +13015,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Secure Network Analytics (SNA), formerly Stealthwatch cves: @@ -13044,7 +13044,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco SocialMiner cves: @@ -13073,7 +13073,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco System Architecture Evolution Gateway (SAEGW) cves: @@ -13102,7 +13102,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco TelePresence Management Suite cves: @@ -13131,7 +13131,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco UCS Director cves: @@ -13160,7 +13160,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco UCS Performance Manager cves: @@ -13189,7 +13189,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Umbrella cves: @@ -13218,7 +13218,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Attendant Console Advanced cves: @@ -13247,7 +13247,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Attendant Console Business Edition cves: @@ -13276,7 +13276,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Attendant Console Department Edition cves: @@ -13305,7 +13305,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Attendant Console Enterprise Edition cves: @@ -13334,7 +13334,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Attendant Console Premium Edition cves: @@ -13363,7 +13363,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Communications Manager Cloud cves: @@ -13392,7 +13392,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Contact Center Enterprise cves: @@ -13421,7 +13421,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Contact Center Enterprise - Live Data server cves: @@ -13450,7 +13450,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Contact Center Express cves: @@ -13479,7 +13479,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified Intelligent Contact Management Enterprise cves: @@ -13508,7 +13508,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Unified SIP Proxy Software cves: @@ -13537,7 +13537,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Video Surveillance Operations Manager cves: @@ -13566,7 +13566,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Virtual Topology System - Virtual Topology Controller (VTC) VM cves: @@ -13595,7 +13595,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Virtualized Voice Browser cves: @@ -13624,7 +13624,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Vision Dynamic Signage Director cves: @@ -13653,7 +13653,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco WAN Automation Engine (WAE) cves: @@ -13682,7 +13682,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Web Security Appliance (WSA) cves: @@ -13711,7 +13711,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Webex Cloud-Connected UC (CCUC) cves: @@ -13740,7 +13740,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Webex Meetings Server cves: @@ -13769,7 +13769,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Webex Teams cves: @@ -13798,7 +13798,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Cisco Wide Area Application Services (WAAS) cves: @@ -13827,7 +13827,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Duo cves: @@ -13856,7 +13856,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: DUO network gateway (on-prem/self-hosted) cves: @@ -13884,7 +13884,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: duo network gateway (on-prem/self-hosted) cves: @@ -13912,7 +13912,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Exony Virtualized Interaction Manager (VIM) cves: @@ -13941,7 +13941,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cisco product: Managed Services Accelerator (MSX) Network Access Control Service cves: @@ -13970,7 +13970,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Citrix product: Citrix ADC (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) cves: @@ -14407,7 +14407,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: AM2CM Tool cves: @@ -14436,7 +14436,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Ambari cves: @@ -14467,7 +14467,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Arcadia Enterprise cves: @@ -14497,7 +14497,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: CDH, HDP, and HDF cves: @@ -14527,7 +14527,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: CDP Operational Database (COD) cves: @@ -14556,7 +14556,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: CDP Private Cloud Base cves: @@ -14586,7 +14586,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: CDS 3 Powered by Apache Spark cves: @@ -14616,7 +14616,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: CDS 3.2 for GPUs cves: @@ -14646,7 +14646,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Cybersecurity Platform cves: @@ -14676,7 +14676,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Engineering (CDE) cves: @@ -14705,7 +14705,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Engineering (CDE) cves: @@ -14735,7 +14735,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Flow (CFM) cves: @@ -14764,7 +14764,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Science Workbench (CDSW) cves: @@ -14795,7 +14795,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Visualization (CDV) cves: @@ -14824,7 +14824,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Warehouse (CDW) cves: @@ -14853,7 +14853,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Data Warehouse (CDW) cves: @@ -14883,7 +14883,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera DataFlow (CDF) cves: @@ -14912,7 +14912,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Edge Management (CEM) cves: @@ -14942,7 +14942,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Enterprise cves: @@ -14972,7 +14972,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Flow Management (CFM) cves: @@ -15002,7 +15002,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Machine Learning (CML) cves: @@ -15031,7 +15031,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Machine Learning (CML) cves: @@ -15061,7 +15061,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication Manager) @@ -15092,7 +15092,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Manager (Including Backup Disaster Recovery (BDR) and Replication Manager) @@ -15125,7 +15125,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Manager (Including Backup Disaster Recovery (BDR)) cves: @@ -15154,7 +15154,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Runtime (including Cloudera Data Hub and all Data Hub templates) cves: @@ -15186,7 +15186,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Stream Processing (CSP) cves: @@ -15216,7 +15216,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Streaming Analytics (CSA) cves: @@ -15245,7 +15245,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Cloudera Streaming Analytics (CSA) cves: @@ -15274,7 +15274,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Data Analytics Studio (DAS) cves: @@ -15303,7 +15303,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Data Catalog cves: @@ -15332,7 +15332,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Data Lifecycle Manager (DLM) cves: @@ -15361,7 +15361,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Data Steward Studio (DSS) cves: @@ -15391,7 +15391,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Hortonworks Data Flow (HDF) cves: @@ -15420,7 +15420,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Hortonworks Data Platform (HDP) cves: @@ -15452,7 +15452,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Hortonworks DataPlane Platform cves: @@ -15481,7 +15481,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Management Console cves: @@ -15511,7 +15511,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Management Console for CDP Public Cloud cves: @@ -15540,7 +15540,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Replication Manager cves: @@ -15569,7 +15569,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: SmartSense cves: @@ -15598,7 +15598,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Workload Manager cves: @@ -15627,7 +15627,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Workload XM cves: @@ -15657,7 +15657,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudera product: Workload XM (SaaS) cves: @@ -15686,7 +15686,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CloudFlare product: '' cves: @@ -15715,7 +15715,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudian HyperStore product: '' cves: @@ -15744,7 +15744,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudogu product: Ecosystem cves: @@ -15774,7 +15774,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudogu product: SCM-Manager cves: @@ -15803,7 +15803,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cloudron product: '' cves: @@ -15832,7 +15832,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Clover product: '' cves: @@ -15861,7 +15861,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Code42 product: Code42 App cves: @@ -15952,7 +15952,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Codesys product: '' cves: @@ -15981,7 +15981,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cohesity product: '' cves: @@ -16010,7 +16010,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CommVault product: '' cves: @@ -16039,7 +16039,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Concourse product: Concourse cves: @@ -16068,7 +16068,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ConcreteCMS.com product: '' cves: @@ -16097,7 +16097,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Confluent product: Confluent Cloud cves: @@ -16426,7 +16426,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ConnectWise product: '' cves: @@ -16455,7 +16455,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ContrastSecurity product: '' cves: @@ -16484,7 +16484,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ControlUp product: '' cves: @@ -16513,7 +16513,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: COPADATA product: All cves: @@ -16571,7 +16571,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CPanel product: '' cves: @@ -16600,7 +16600,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Cradlepoint product: '' cves: @@ -16629,7 +16629,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Crestron product: '' cves: @@ -16687,7 +16687,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CryptShare product: '' cves: @@ -16716,7 +16716,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CyberArk product: Privileged Threat Analytics (PTA) cves: @@ -16776,7 +16776,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: CyberRes product: '' cves: @@ -16805,7 +16805,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Daktronics product: All Sport Pro cves: @@ -17417,7 +17417,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dassault Systèmes product: '' cves: @@ -17446,7 +17446,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Databricks product: '' cves: @@ -17475,7 +17475,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Datadog product: Datadog Agent cves: @@ -17508,7 +17508,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dataminer product: '' cves: @@ -17537,7 +17537,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Datev product: '' cves: @@ -17566,7 +17566,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Datto product: '' cves: @@ -17595,7 +17595,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: dCache.org product: '' cves: @@ -17624,7 +17624,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Debian product: '' cves: @@ -17653,7 +17653,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Deepinstinct product: '' cves: @@ -17682,7 +17682,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:51+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dell product: '"Dell EMC PowerMax VMAX VMAX3 and VMAX AFA"' cves: @@ -25107,7 +25107,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Device42 product: '' cves: @@ -25136,7 +25136,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Devolutions product: All products cves: @@ -25165,7 +25165,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Diebold Nixdorf product: '' cves: @@ -25194,7 +25194,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Digi International product: AnywhereUSB Manager cves: @@ -26354,7 +26354,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Digital AI product: '' cves: @@ -26383,7 +26383,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Digital Alert Systems product: All cves: @@ -26441,7 +26441,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Docker product: '' cves: @@ -26470,7 +26470,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Docusign product: '' cves: @@ -26499,7 +26499,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: DrayTek product: Vigor Routers, Access Points, Switches, VigorACS Central Management Software, MyVigor Platform @@ -26558,7 +26558,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dynatrace product: ActiveGate cves: @@ -26819,7 +26819,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Eaton product: Undisclosed cves: @@ -26851,7 +26851,7 @@ software: wall. references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: EclecticIQ product: '' cves: @@ -26880,7 +26880,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Eclipse Foundation product: '' cves: @@ -26909,7 +26909,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Edwards product: '' cves: @@ -26967,7 +26967,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: EGroupware product: '' cves: @@ -26996,7 +26996,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Elastic product: APM Java Agent cves: @@ -27580,7 +27580,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ellucian product: Admin cves: @@ -31036,7 +31036,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ESET product: '' cves: @@ -31065,7 +31065,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ESRI product: ArcGIS Data Store cves: @@ -31280,7 +31280,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Evolveum Midpoint product: '' cves: @@ -31309,7 +31309,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ewon product: '' cves: @@ -31338,7 +31338,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Exabeam product: '' cves: @@ -31368,7 +31368,7 @@ software: by CISA references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Exact product: '' cves: @@ -31397,7 +31397,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Exivity product: '' cves: @@ -31426,7 +31426,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ExtraHop product: Reveal(x) cves: @@ -31487,7 +31487,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Extreme Networks product: '' cves: @@ -31516,7 +31516,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Extron product: '' cves: @@ -31545,7 +31545,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F-Secure product: Elements Connector cves: @@ -31574,7 +31574,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F-Secure product: Endpoint Proxy cves: @@ -31604,7 +31604,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F-Secure product: Messaging Security Gateway cves: @@ -31633,7 +31633,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F-Secure product: Policy Manager cves: @@ -31663,7 +31663,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F-Secure product: Policy Manager Proxy cves: @@ -31693,7 +31693,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: BIG-IP (all modules) cves: @@ -31723,7 +31723,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: BIG-IQ Centralized Management cves: @@ -31753,7 +31753,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: F5OS cves: @@ -31783,7 +31783,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: NGINX App Protect cves: @@ -31813,7 +31813,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: NGINX Controller cves: @@ -31843,7 +31843,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: NGINX Ingress Controller cves: @@ -31873,7 +31873,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: NGINX Instance Manager cves: @@ -31903,7 +31903,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: NGINX Open Source cves: @@ -31933,7 +31933,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: NGINX Plus cves: @@ -31963,7 +31963,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: NGINX Service Mesh cves: @@ -31993,7 +31993,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: NGINX Unit cves: @@ -32023,7 +32023,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: F5 product: Traffix SDC cves: @@ -32055,7 +32055,7 @@ software: Kibana), Element Management System' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FAST LTA product: '' cves: @@ -32084,7 +32084,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fastly product: '' cves: @@ -32113,7 +32113,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FedEx product: Ship Manager Software cves: @@ -32210,7 +32210,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FileCatalyst product: '' cves: @@ -32239,7 +32239,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FileCloud product: '' cves: @@ -32268,7 +32268,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FileWave product: '' cves: @@ -32297,7 +32297,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FINVI product: '' cves: @@ -32326,7 +32326,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FireDaemon product: '' cves: @@ -32355,7 +32355,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fisher & Paykel Healthcare product: '' cves: @@ -32413,7 +32413,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Flexera product: '' cves: @@ -32442,7 +32442,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint product: DLP Manager cves: @@ -32471,7 +32471,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint product: Forcepoint Cloud Security Gateway (CSG) cves: @@ -32500,7 +32500,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint product: Next Generation Firewall (NGFW) cves: @@ -32529,7 +32529,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint product: Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service and Sidewinder @@ -32559,7 +32559,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint product: One Endpoint cves: @@ -32588,7 +32588,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint product: Security Manager (Web, Email and DLP) cves: @@ -32617,7 +32617,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forescout product: '' cves: @@ -32646,7 +32646,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ForgeRock product: Autonomous Identity cves: @@ -32675,7 +32675,7 @@ software: notes: all other ForgeRock products Not vulnerable references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiAIOps cves: @@ -32704,7 +32704,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiAnalyzer cves: @@ -32733,7 +32733,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiAnalyzer Cloud cves: @@ -32762,7 +32762,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiAP cves: @@ -32791,7 +32791,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiAuthenticator cves: @@ -32820,7 +32820,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiCASB cves: @@ -32849,7 +32849,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiConvertor cves: @@ -32878,7 +32878,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiDeceptor cves: @@ -32907,7 +32907,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiEDR Agent cves: @@ -32936,7 +32936,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiEDR Cloud cves: @@ -32965,7 +32965,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiGate Cloud cves: @@ -32994,7 +32994,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiGSLB Cloud cves: @@ -33023,7 +33023,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiMail cves: @@ -33052,7 +33052,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiManager cves: @@ -33081,7 +33081,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiManager Cloud cves: @@ -33110,7 +33110,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiNAC cves: @@ -33139,7 +33139,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiNAC cves: @@ -33168,7 +33168,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiOS (includes FortiGate & FortiWiFi) cves: @@ -33197,7 +33197,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiPhish Cloud cves: @@ -33226,7 +33226,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiPolicy cves: @@ -33255,7 +33255,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiPortal cves: @@ -33284,7 +33284,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiRecorder cves: @@ -33313,7 +33313,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiSIEM cves: @@ -33342,7 +33342,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiSOAR cves: @@ -33371,7 +33371,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiSwicth Cloud in FortiLANCloud cves: @@ -33400,7 +33400,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiSwitch & FortiSwitchManager cves: @@ -33429,7 +33429,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiToken Cloud cves: @@ -33458,7 +33458,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiVoice cves: @@ -33487,7 +33487,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: FortiWeb Cloud cves: @@ -33516,7 +33516,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet product: ShieldX cves: @@ -33545,7 +33545,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FTAPI product: '' cves: @@ -33574,7 +33574,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fujitsu product: '' cves: @@ -33603,7 +33603,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FusionAuth product: FusionAuth cves: @@ -33633,7 +33633,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: GE Digital product: '' cves: @@ -33900,7 +33900,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Genesys product: '' cves: @@ -33929,7 +33929,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: GeoServer product: '' cves: @@ -33958,7 +33958,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gerrit code review product: '' cves: @@ -33987,7 +33987,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: GFI product: '' cves: @@ -34016,7 +34016,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ghidra product: '' cves: @@ -34045,7 +34045,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gigamon product: Fabric Manager cves: @@ -34135,7 +34135,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Globus product: '' cves: @@ -34164,7 +34164,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:52+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: GoAnywhere product: Gateway cves: @@ -38287,7 +38287,7 @@ software: notes: Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gradle product: Gradle Enterprise cves: @@ -38317,7 +38317,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gradle product: Gradle Enterprise Build Cache Node cves: @@ -38347,7 +38347,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gradle product: Gradle Enterprise Test Distribution Agent cves: @@ -38377,7 +38377,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grafana product: '' cves: @@ -38406,7 +38406,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grandstream product: '' cves: @@ -38435,7 +38435,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee product: Access Management cves: @@ -38465,7 +38465,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee product: Access Management cves: @@ -38495,7 +38495,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee product: Alert Engine cves: @@ -38525,7 +38525,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee product: Alert Engine cves: @@ -38555,7 +38555,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee product: API Management cves: @@ -38585,7 +38585,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee product: API Management cves: @@ -38615,7 +38615,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee product: Cockpit cves: @@ -38645,7 +38645,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravitee.io product: '' cves: @@ -38674,7 +38674,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gravwell product: '' cves: @@ -38703,7 +38703,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Graylog product: Graylog Server cves: @@ -38733,7 +38733,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: GreenShot product: '' cves: @@ -38762,7 +38762,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: GSA product: Cloud.gov cves: @@ -38820,7 +38820,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HAProxy product: '' cves: @@ -38849,7 +38849,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HarmanPro AMX product: '' cves: @@ -38878,7 +38878,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Boundary cves: @@ -38907,7 +38907,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Consul cves: @@ -38936,7 +38936,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Consul Enterprise cves: @@ -38965,7 +38965,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Nomad cves: @@ -38994,7 +38994,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Nomad Enterprise cves: @@ -39023,7 +39023,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Packer cves: @@ -39052,7 +39052,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Terraform cves: @@ -39081,7 +39081,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Terraform Enterprise cves: @@ -39110,7 +39110,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Vagrant cves: @@ -39139,7 +39139,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Vault cves: @@ -39168,7 +39168,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Vault Enterprise cves: @@ -39197,7 +39197,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HashiCorp product: Waypoint cves: @@ -39226,7 +39226,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HCL Software product: BigFix Compliance cves: @@ -39465,7 +39465,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HENIX product: Squash TM cves: @@ -39526,7 +39526,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Hikvision product: '' cves: @@ -39555,7 +39555,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Hitachi Energy product: 3rd party - Elastic Search, Kibana cves: @@ -39742,7 +39742,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Hitachi Energy product: FOXMAN-UN cves: @@ -40149,7 +40149,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HMS Industrial Networks AB product: Cosy, Flexy and Ewon CD cves: @@ -40823,7 +40823,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: HP product: Teradici Cloud Access Controller cves: @@ -44204,7 +44204,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -44775,7 +44775,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Hubspot product: '' cves: @@ -44804,7 +44804,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: I-Net software product: '' cves: @@ -44833,7 +44833,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: I2P product: '' cves: @@ -44862,7 +44862,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBA-AG product: '' cves: @@ -44891,7 +44891,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ibexa product: '' cves: @@ -44920,7 +44920,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM product: Analytics Engine cves: @@ -45238,7 +45238,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM product: BigFix Inventory cves: @@ -45269,7 +45269,7 @@ software: of log4j is included. Version is included in the name of the library. references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM product: Block Storage cves: @@ -47999,7 +47999,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM product: Mass Data Migration cves: @@ -48609,7 +48609,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM product: Robotic Process Automation cves: @@ -48811,7 +48811,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IBM product: Spectrum Archive Library Edition cves: @@ -50464,7 +50464,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IGEL product: '' cves: @@ -50493,7 +50493,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ignite Realtime product: '' cves: @@ -50522,7 +50522,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: iGrafx product: '' cves: @@ -50551,7 +50551,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Illuminated Cloud product: '' cves: @@ -50580,7 +50580,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Illumio product: C-VEN cves: @@ -50986,7 +50986,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Imperva product: '' cves: @@ -51015,7 +51015,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Inductive Automation product: Ignition cves: @@ -51075,7 +51075,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: infinidat product: '' cves: @@ -51104,7 +51104,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: InfluxData product: '' cves: @@ -51133,7 +51133,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Infoblox product: '' cves: @@ -51162,7 +51162,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Informatica product: '' cves: @@ -51191,7 +51191,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Instana product: '' cves: @@ -51220,7 +51220,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Instructure product: '' cves: @@ -51249,7 +51249,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:53+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Intel product: Audio Development Kit cves: @@ -51629,7 +51629,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Intland product: codebeamer cves: @@ -51661,7 +51661,7 @@ software: and [21.09](https://codebeamer.com/cb/wiki/19418497), but not yet for [21.04](https://codebeamer.com/cb/wiki/16937839) references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: IPRO product: Netgovern cves: @@ -51689,7 +51689,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: iRedMail product: '' cves: @@ -51718,7 +51718,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ironnet product: '' cves: @@ -51747,7 +51747,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ISLONLINE product: '' cves: @@ -51776,7 +51776,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ivanti product: Application Control for Linux cves: @@ -53977,7 +53977,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jamf product: Jamf Pro cves: @@ -54007,7 +54007,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Janitza product: GridVis cves: @@ -54066,7 +54066,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jedox product: '' cves: @@ -54095,7 +54095,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jenkins product: CI/CD Core cves: @@ -54123,7 +54123,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jenkins product: Plugins cves: @@ -54183,7 +54183,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jetbrains product: Code With Me cves: @@ -54213,7 +54213,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: Datalore cves: @@ -54243,7 +54243,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: Floating license server cves: @@ -54273,7 +54273,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: Gateway cves: @@ -54303,7 +54303,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: Hub cves: @@ -54333,7 +54333,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand, IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu, @@ -54365,7 +54365,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: Kotlin cves: @@ -54395,7 +54395,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: Ktor cves: @@ -54425,7 +54425,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: MPS cves: @@ -54455,7 +54455,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: Space cves: @@ -54485,7 +54485,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: TeamCity cves: @@ -54515,7 +54515,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: ToolBox cves: @@ -54545,7 +54545,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: UpSource cves: @@ -54575,7 +54575,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: YouTrack InCloud cves: @@ -54605,7 +54605,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains product: YouTrack Standalone cves: @@ -54635,7 +54635,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: JFROG product: '' cves: @@ -54664,7 +54664,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jitsi product: '' cves: @@ -54693,7 +54693,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jitterbit product: '' cves: @@ -54722,7 +54722,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Johnson Controls product: BCPro cves: @@ -55591,7 +55591,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: jPOS product: (ISO-8583) bridge cves: @@ -55621,7 +55621,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jump Desktop product: '' cves: @@ -55650,7 +55650,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Juniper Networks product: '' cves: @@ -55679,7 +55679,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Justice Systems product: '' cves: @@ -55708,7 +55708,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: K15t product: '' cves: @@ -55737,7 +55737,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: K6 product: '' cves: @@ -55766,7 +55766,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Karakun product: '' cves: @@ -55795,7 +55795,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kaseya product: '' cves: @@ -55824,7 +55824,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Keeper Security product: '' cves: @@ -55853,7 +55853,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: KEMP product: '' cves: @@ -55882,7 +55882,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: KEMP 2 product: '' cves: @@ -55911,7 +55911,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kofax product: '' cves: @@ -55940,7 +55940,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Konica Minolta product: '' cves: @@ -55969,7 +55969,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kronos UKG product: '' cves: @@ -55998,7 +55998,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kyberna product: '' cves: @@ -56027,7 +56027,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: L-Soft product: '' cves: @@ -56056,7 +56056,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: L3Harris Geospatial product: '' cves: @@ -56085,7 +56085,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lancom Systems product: '' cves: @@ -56114,7 +56114,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lansweeper product: '' cves: @@ -56143,7 +56143,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Laserfiche product: '' cves: @@ -56172,7 +56172,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LastPass product: '' cves: @@ -56201,7 +56201,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LaunchDarkly product: '' cves: @@ -56230,7 +56230,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Leanix product: '' cves: @@ -56259,7 +56259,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Leica BIOSYSTEMS product: Aperio AT2 cves: @@ -58439,7 +58439,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Let's Encrypt product: '' cves: @@ -58468,7 +58468,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LibreNMS product: '' cves: @@ -58497,7 +58497,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LifeRay product: '' cves: @@ -58526,7 +58526,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LifeSize product: '' cves: @@ -58555,7 +58555,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lightbend product: '' cves: @@ -58584,7 +58584,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lime CRM product: '' cves: @@ -58613,7 +58613,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LIONGARD product: '' cves: @@ -58642,7 +58642,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LiquidFiles product: '' cves: @@ -58671,7 +58671,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LiveAction product: '' cves: @@ -58700,7 +58700,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Loftware product: '' cves: @@ -58729,7 +58729,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LOGalyze product: SIEM & log analyzer tool cves: @@ -58790,7 +58790,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LogicMonitor product: LogicMonitor Platform cves: @@ -58819,7 +58819,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LogMeIn product: '' cves: @@ -58848,7 +58848,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LogRhythm product: '' cves: @@ -58877,7 +58877,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Looker product: Looker cves: @@ -58912,7 +58912,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LucaNet product: '' cves: @@ -58941,7 +58941,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lucee product: '' cves: @@ -58970,7 +58970,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Lyrasis product: Fedora Repository cves: @@ -59033,7 +59033,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Maltego product: '' cves: @@ -59062,7 +59062,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ManageEngine product: AD SelfService Plus cves: @@ -59150,7 +59150,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ManageEngine Zoho product: ADAudit Plus cves: @@ -59527,7 +59527,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MathWorks product: All MathWorks general release desktop or server products cves: @@ -59645,7 +59645,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Mattermost FocalBoard product: '' cves: @@ -59674,7 +59674,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: McAfee product: Data Exchange Layer (DXL) Client cves: @@ -60550,7 +60550,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MEINBERG product: LANTIME and microSync cves: @@ -60608,7 +60608,7 @@ software: notes: Project is written in Python references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Memurai product: '' cves: @@ -60705,7 +60705,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft product: Azure Application Gateway cves: @@ -60734,7 +60734,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft product: Azure Data lake store java cves: @@ -60764,7 +60764,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft product: Azure Data lake store java cves: @@ -60794,7 +60794,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft product: Azure DevOps cves: @@ -60823,7 +60823,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft product: Azure DevOps Server cves: @@ -60853,7 +60853,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft product: Azure Traffic Manager cves: @@ -60882,7 +60882,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microsoft product: Team Foundation Server cves: @@ -60912,7 +60912,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Microstrategy product: '' cves: @@ -60999,7 +60999,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Milestone sys product: '' cves: @@ -61028,7 +61028,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Mimecast product: '' cves: @@ -61057,7 +61057,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Minecraft product: '' cves: @@ -61086,7 +61086,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Mirantis product: '' cves: @@ -61115,7 +61115,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Miro product: '' cves: @@ -61144,7 +61144,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Mitel product: '' cves: @@ -61173,7 +61173,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MMM Group product: Control software of all MMM series cves: @@ -61261,7 +61261,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MongoDB product: MongoDB Atlas Search cves: @@ -61290,7 +61290,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MongoDB product: MongoDB Community Edition (including Community Server, Cloud Manager, Community Kubernetes Operators) @@ -61320,7 +61320,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MongoDB product: MongoDB Drivers cves: @@ -61349,7 +61349,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MongoDB product: MongoDB Enterprise Advanced (including Enterprise Server, Ops Manager, Enterprise Kubernetes Operators) @@ -61379,7 +61379,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MongoDB product: MongoDB Realm (including Realm Database, Sync, Functions, APIs) cves: @@ -61408,7 +61408,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MongoDB product: MongoDB Tools (including Compass, Database Shell, VS Code Plugin, Atlas CLI, Database Connectors) @@ -61438,7 +61438,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Moodle product: '' cves: @@ -61467,7 +61467,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: MoogSoft product: '' cves: @@ -61496,7 +61496,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Motorola Avigilon product: '' cves: @@ -61587,7 +61587,7 @@ software: by CISA references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Mulesoft product: Anypoint Studio cves: @@ -61740,7 +61740,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nagios product: '' cves: @@ -61769,7 +61769,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: NAKIVO product: '' cves: @@ -61798,7 +61798,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: National Instruments product: OptimalPlus cves: @@ -61890,7 +61890,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Netcup product: '' cves: @@ -61919,7 +61919,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: NetGate PFSense product: '' cves: @@ -61948,7 +61948,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Netwrix product: '' cves: @@ -61977,7 +61977,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: New Relic product: Containerized Private Minion (CPM) cves: @@ -62068,7 +62068,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nextflow product: Nextflow cves: @@ -62156,7 +62156,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: NinjaRMM product: '' cves: @@ -62186,7 +62186,7 @@ software: by CISA references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nomachine product: '' cves: @@ -62215,7 +62215,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: NoviFlow product: '' cves: @@ -62244,7 +62244,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nulab product: Backlog cves: @@ -62274,7 +62274,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nulab product: Backlog Enterprise (On-premises) cves: @@ -62304,7 +62304,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nulab product: Cacoo cves: @@ -62334,7 +62334,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nulab product: Cacoo Enterprise (On-premises) cves: @@ -62364,7 +62364,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nulab product: Typetalk cves: @@ -62394,7 +62394,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Nutanix product: AHV cves: @@ -63466,7 +63466,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: NXLog product: '' cves: @@ -63495,7 +63495,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Objectif Lune product: '' cves: @@ -63524,7 +63524,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OCLC product: '' cves: @@ -63553,7 +63553,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Octopus product: '' cves: @@ -63582,7 +63582,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Okta product: Advanced Server Access cves: @@ -63932,7 +63932,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Opengear product: '' cves: @@ -63961,7 +63961,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OpenMRS TALK product: '' cves: @@ -63990,7 +63990,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OpenNMS product: '' cves: @@ -64019,7 +64019,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OpenSearch product: '' cves: @@ -64048,7 +64048,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OpenText product: '' cves: @@ -64325,7 +64325,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Osirium product: PAM cves: @@ -64354,7 +64354,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Osirium product: PEM cves: @@ -64383,7 +64383,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Osirium product: PPA cves: @@ -64412,7 +64412,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OTRS product: '' cves: @@ -64441,7 +64441,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OVHCloud product: '' cves: @@ -64470,7 +64470,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OwnCloud product: '' cves: @@ -64499,7 +64499,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: OxygenXML product: Author cves: @@ -64877,8 +64877,8 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: QF-Test - product: '' + - vendor: Palantir + product: Palantir AI Inference Platform (AIP) cves: cve-2021-4104: investigated: false @@ -64886,9 +64886,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -64901,13 +64902,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html - notes: '' + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: Fully remediated as of 1.97.0. Disconnected customer instances may require + manual updates. references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Qlik - product: '' + last_updated: '2021-12-19T00:00:00' + - vendor: Palantir + product: Palantir Apollo cves: cve-2021-4104: investigated: false @@ -64915,10 +64917,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -64930,13 +64933,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 - notes: '' + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: No impact, and updates have been deployed for full remediation. references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: QMATIC - product: Appointment Booking + last_updated: '2021-12-19T00:00:00' + - vendor: Palantir + product: Palantir Foundry cves: cve-2021-4104: investigated: false @@ -64945,9 +64948,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.4+ - fixed_versions: [] + affected_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -64960,13 +64963,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: Update to v. 2.8.2 which contains log4j 2.16 + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: No impact to Palantir-hosted or Apollo-connected instances, and updates + have been deployed for full remediation. Disconnected customer instances may + require manual updates. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: QMATIC - product: Appointment Booking + last_updated: '2021-12-19T00:00:00' + - vendor: Palantir + product: Palantir Gotham cves: cve-2021-4104: investigated: false @@ -64975,9 +64980,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Cloud/Managed Service - fixed_versions: [] + affected_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -64990,13 +64995,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: log4j 2.16 applied 2021-12-15 + - https://www.palantir.com/security-advisories/log4j-vulnerability/ + notes: No impact to Palantir-hosted or Apollo-connected instances, and updates + have been deployed for full remediation. Disconnected customer instances may + require manual updates. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: QMATIC - product: Insights + last_updated: '2021-12-19T00:00:00' + - vendor: Palo-Alto Networks + product: Bridgecrew cves: cve-2021-4104: investigated: false @@ -65004,9 +65011,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Cloud + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -65020,13 +65026,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability - notes: log4j 2.16 applied 2021-12-16 + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: QMATIC - product: Orchestra Central + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: CloudGenix cves: cve-2021-4104: investigated: false @@ -65034,11 +65040,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 6.0+ + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -65050,13 +65055,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: QNAP - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex Data Lake cves: cve-2021-4104: investigated: false @@ -65079,13 +65084,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: QOPPA - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex XDR Agent cves: cve-2021-4104: investigated: false @@ -65108,13 +65113,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kbdeveloper.qoppa.com/cve-2021-44228-apache-log4j-vulnerability/ + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: QSC Q-SYS - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex Xpanse cves: cve-2021-4104: investigated: false @@ -65137,13 +65142,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228 + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: QT - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Cortex XSOAR cves: cve-2021-4104: investigated: false @@ -65166,13 +65171,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Quest Global - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Expedition cves: cve-2021-4104: investigated: false @@ -65195,13 +65200,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Runecast - product: Runecast Analyzer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: GlobalProtect App cves: cve-2021-4104: investigated: false @@ -65209,10 +65214,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 6.0.3 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -65225,13 +65229,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.runecast.com/release-notes + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SAE-IT - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: IoT Security cves: cve-2021-4104: investigated: false @@ -65254,13 +65258,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sae-it.com/nc/de/news/sicherheitsmeldungen.html + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SAFE FME Server - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Okyo Grade cves: cve-2021-4104: investigated: false @@ -65283,13 +65287,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.safe.com/s/article/Is-FME-Server-Affected-by-the-Security-Vulnerability-Reported-Against-log4j + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SAGE - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Palo-Alto Networks-OS for Firewall and Wildfire cves: cve-2021-4104: investigated: false @@ -65312,13 +65316,47 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sagecity.com/sage-global-solutions/sage-crm/f/sage-crm-announcements-news-and-alerts/178655/advisory-apache-log4j-vulnerability-cve-2021-44228 + - https://security.paloaltonetworks.com/CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SailPoint - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Palo-Alto Networks-OS for Panorama + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '9.0' + - '9.1' + - '10.0' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - Upgrade Panorama to PAN-OS 10.1 to remediate this issue. This advisory will + be updated when hot fixes for the affected Panorama versions are available. + PAN-OS for Panorama versions 8.1, 10.1 are not affected. + last_updated: '2021-12-15T00:00:00' + - vendor: Palo-Alto Networks + product: Prisma Access cves: cve-2021-4104: investigated: false @@ -65341,14 +65379,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-log4j-Remote-Code-Execution-Vulnerability/ba-p/206681 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Salesforce - product: Analytics Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Prisma Cloud cves: cve-2021-4104: investigated: false @@ -65371,15 +65408,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Analytics Cloud is reported to be affected by CVE-2021-44228. Services - have been updated to mitigate the issues identified in CVE-2021-44228 and we - are executing our final validation steps."' + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: B2C Commerce Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Prisma Cloud Compute cves: cve-2021-4104: investigated: false @@ -65402,14 +65437,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"B2C Commerce Cloud is reported to be affected by CVE-2021-44228. The - service is being updated to remediate the vulnerability identified in CVE-2021-44228."' + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: ClickSoftware (As-a-Service) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: SaaS Security cves: cve-2021-4104: investigated: false @@ -65432,14 +65466,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"ClickSoftware (As-a-Service) is reported to be affected by CVE-2021-44228. - The service is being updated to remediate the vulnerability identified in CVE-2021-44228."' + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: ClickSoftware (On-Premise) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: User-ID Agent cves: cve-2021-4104: investigated: false @@ -65462,13 +65495,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Please contact Customer Support."' + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: Community Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: WildFire Appliance cves: cve-2021-4104: investigated: false @@ -65491,14 +65524,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Community Cloud is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: Data.com + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: WildFire Cloud cves: cve-2021-4104: investigated: false @@ -65521,15 +65553,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Data.com is reported to be affected by CVE-2021-44228. The service has - a mitigation in place and is being updated to remediate the vulnerability identified in - CVE-2021-44228."' + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: DataLoader + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Panopto + product: '' cves: cve-2021-4104: investigated: false @@ -65537,10 +65567,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - <=53.0.0 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -65553,13 +65582,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.1 + - https://support.panopto.com/s/article/Panopto-Statement-on-the-Log4j2-Zero-Day-Vulnerability notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Salesforce - product: Datorama + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PaperCut + product: PaperCut MF cves: cve-2021-4104: investigated: false @@ -65567,10 +65596,43 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - 21.0 and later + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/support/known-issues/?id=PO-684#ng + notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted + by this. Workaround manual steps available in reference. Upgrade to PaperCut + NG/MF version 21.2.3 Now Available to resolve. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut NG + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 21.0 and later + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -65582,15 +65644,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Datorama is reported to be affected by CVE-2021-44228. The service has - a mitigation in place and is being updated to remediate the vulnerability identified in - CVE-2021-44228."' + - https://www.papercut.com/support/known-issues/?id=PO-684#ng + notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted + by this. Workaround manual steps available in reference. Upgrade to PaperCut + NG/MF version 21.2.3 Now Available to resolve. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: Evergage (Interaction Studio) + last_updated: '2021-12-16T00:00:00' + - vendor: Parallels + product: '' cves: cve-2021-4104: investigated: false @@ -65613,15 +65675,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Evergage (Interaction Studio) is reported to be affected by CVE-2021-44228. - Services have been updated to mitigate the issues identified in CVE-2021-44228 - and we are executing our final validation steps."' + - https://kb.parallels.com/en/128696 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: Force.com + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Parse.ly + product: '' cves: cve-2021-4104: investigated: false @@ -65644,14 +65704,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Force.com is reported to be affected by CVE-2021-44228. The service is - being updated to remediate the vulnerability identified in CVE-2021-44228."' + - https://blog.parse.ly/parse-ly-log4shell/ + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: Heroku + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PBXMonitor + product: RMM for 3CX PBX cves: cve-2021-4104: investigated: false @@ -65674,14 +65733,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Heroku is reported to not be affected by CVE-2021-44228; no further action - is necessary at this time."' + - https://www.pbxmonitor.net/changelog.php + notes: Mirror Servers were also checked to ensure Log4J was not installed or being + used by any of our systems. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: Marketing Cloud + last_updated: '2021-12-22T00:00:00' + - vendor: Pega + product: '' cves: cve-2021-4104: investigated: false @@ -65704,14 +65763,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Marketing Cloud is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + - https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: MuleSoft (Cloud) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pentaho + product: '' cves: cve-2021-4104: investigated: false @@ -65734,14 +65792,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"MuleSoft (Cloud) is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + - https://support.pentaho.com/hc/en-us/articles/4416229254541-log4j-2-zero-day-vulnerability-No-impact-to-supported-versions-of-Pentaho- + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: MuleSoft (On-Premise) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pepperl+Fuchs + product: '' cves: cve-2021-4104: investigated: false @@ -65764,13 +65821,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Please contact Customer Support."' + - https://www.pepperl-fuchs.com/global/en/29079.htm + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: Pardot + last_updated: '2021-12-21T00:00:00' + - vendor: Percona + product: '' cves: cve-2021-4104: investigated: false @@ -65793,14 +65850,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Pardot is reported to be affected by CVE-2021-44228. The service is being - updated to remediate the vulnerability identified in CVE-2021-44228."' + - https://www.percona.com/blog/log4jshell-vulnerability-update/ + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: Sales Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: '' cves: cve-2021-4104: investigated: false @@ -65823,14 +65879,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Sales Cloud is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: Service Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Phenix Id + product: '' cves: cve-2021-4104: investigated: false @@ -65853,14 +65908,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Service Cloud is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + - https://support.phenixid.se/uncategorized/log4j-fix/ + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: Slack + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Philips + product: Multiple products cves: cve-2021-4104: investigated: false @@ -65883,15 +65937,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Slack is reported to be affected by CVE-2021-44228. The service has a - mitigation in place and is being updated to remediate the vulnerability identified in - CVE-2021-44228."' + - https://www.philips.com/a-w/security/security-advisories.html + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: Social Studio + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PHOENIX CONTACT + product: Cloud Services cves: cve-2021-4104: investigated: false @@ -65914,15 +65966,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Social Studio is reported to be affected by CVE-2021-44228. The service - has a mitigation in place and is being updated to remediate the vulnerability - identified in CVE-2021-44228."' + - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf + notes: Partly affected. Remediations are being implemented. references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Salesforce - product: Tableau (On-Premise) + last_updated: '2021-12-22T00:00:00' + - vendor: PHOENIX CONTACT + product: Physical products containing firmware cves: cve-2021-4104: investigated: false @@ -65930,10 +65980,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - < 2021.4.1 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -65946,13 +65995,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell - notes: Fixed in 2021.4.1 + - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf + notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Salesforce - product: Tableau (Online) + last_updated: '2021-12-22T00:00:00' + - vendor: PHOENIX CONTACT + product: Software Products cves: cve-2021-4104: investigated: false @@ -65975,14 +66024,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Tableau (Online) is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Samsung Electronics America - product: Knox Admin Portal + last_updated: '2021-12-22T00:00:00' + - vendor: Ping Identity + product: PingAccess cves: cve-2021-4104: investigated: false @@ -65991,29 +66039,28 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 4.0 <= version <= 6.3.2 fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Asset Intelligence + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingCentral cves: cve-2021-4104: investigated: false @@ -66021,61 +66068,28 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services - notes: '' - references: - - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Configure - cves: - cve-2021-4104: + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox E-FOTA One + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingFederate cves: cve-2021-4104: investigated: false @@ -66084,29 +66098,28 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 8.0 <= version <= 10.3.4 fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Guard + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingFederate Java Integration Kit cves: cve-2021-4104: investigated: false @@ -66115,29 +66128,28 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - < 2.7.2 fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox License Management + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingFederate OAuth Playground cves: cve-2021-4104: investigated: false @@ -66146,29 +66158,28 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - < 4.3.1 fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Manage + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingIntelligence cves: cve-2021-4104: investigated: false @@ -66176,16 +66187,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -66193,13 +66202,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Managed Services Provider (MSP) + last_updated: '2021-12-15T00:00:00' + - vendor: Pitney Bowes + product: '' cves: cve-2021-4104: investigated: false @@ -66207,30 +66216,28 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://www.pitneybowes.com/us/support/apache-log4j-vulnerability.html notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Mobile Enrollment + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Planmeca + product: '' cves: cve-2021-4104: investigated: false @@ -66238,30 +66245,28 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + - https://www.planmeca.com/apache-log4j-vulnerability-in-planmeca-products/ notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Samsung Electronics America - product: Knox Reseller Portal + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Planon Software + product: '' cves: cve-2021-4104: investigated: false @@ -66269,16 +66274,14 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45105: investigated: false @@ -66286,12 +66289,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services - notes: '' + - https://my.planonsoftware.com/uk/news/log4j-impact-on-planon/ + notes: This advisory is available for customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-17T00:00:00' - - vendor: Sangoma + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Platform.SH product: '' cves: cve-2021-4104: @@ -66315,12 +66319,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.sangoma.com/community/s/article/Log4Shell + - https://platform.sh/blog/2021/platformsh-protects-from-apache-log4j/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SAP + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Plesk product: '' cves: cve-2021-4104: @@ -66344,14 +66348,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.sap.com/content/dam/support/en_us/library/ssp/my-support/trust-center/sap-tc-01-5025.pdf - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://support.plesk.com/hc/en-us/articles/4412182812818-CVE-2021-44228-vulnerability-in-log4j-package-of-Apache + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: SAP Advanced Platform - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Plex + product: Plex Industrial IoT cves: cve-2021-4104: investigated: false @@ -66374,13 +66377,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://launchpad.support.sap.com/#/notes/3130698 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: The product has been updated to Log4j version 2.15. An additional patch + is being developed to update to 2.16. No user interaction is required. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: SAP BusinessObjects + last_updated: '2021-12-15T00:00:00' + - vendor: Polycom product: '' cves: cve-2021-4104: @@ -66404,13 +66407,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blogs.sap.com/2021/12/16/cve-2021-44228-impact-of-log4j-vulnerability-on-sap-businessobjects/ - notes: The support document is available to customers only and has not been reviewed - by CISA + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: SAS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Portainer product: '' cves: cve-2021-4104: @@ -66434,12 +66436,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html + - https://www.portainer.io/blog/portainer-statement-re-log4j-cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SASSAFRAS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PortSwigger product: '' cves: cve-2021-4104: @@ -66463,12 +66465,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sassafras.com/log4j-vulnerability-cve-2021-44228/ + - https://forum.portswigger.net/thread/are-burp-collaborator-or-burp-enterprise-vulnerable-to-log4j-dc6524e0 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Savignano software solutions + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PostGreSQL product: '' cves: cve-2021-4104: @@ -66492,13 +66494,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://savignano.atlassian.net/wiki/spaces/SNOTIFY/blog/2021/12/13/2839740417/No+Log4j+Vulnerability+in+S+Notify + - https://www.postgresql.org/about/news/postgresql-jdbc-and-the-log4j-cve-2371/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SBT - product: SBT + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Postman + product: '' cves: cve-2021-4104: investigated: false @@ -66506,9 +66508,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - <1.5.6 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -66522,13 +66523,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/sbt/sbt/releases/tag/v1.5.7 + - https://support.postman.com/hc/en-us/articles/4415791933335-Is-Postman-impacted-by-the-Log4j-vulnerability-CVE-2021-44228- notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: ScaleComputing - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Power Admin LLC + product: PA File Sight cves: cve-2021-4104: investigated: false @@ -66536,10 +66537,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - NONE cve-2021-45046: investigated: false affected_versions: [] @@ -66550,15 +66552,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://community.scalecomputing.com/s/article/Apache-Log4j-Vulnerability - notes: This advisory is available to customers only and has not been reviewed - by CISA + vendor_links: [] + notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: ScaleFusion MobileLock Pro - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: Power Admin LLC + product: PA Server Monitor cves: cve-2021-4104: investigated: false @@ -66566,10 +66566,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - NONE cve-2021-45046: investigated: false affected_versions: [] @@ -66580,14 +66581,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://help.mobilock.in/article/t9sx43yg44-scalefusion-security-advisory-for-apache-log-4-j-vulnerability-cve-2021-44228 + vendor_links: [] notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Schneider Electric - product: EASYFIT + last_updated: '2021-12-17T00:00:00' + - vendor: Power Admin LLC + product: PA Storage Monitor cves: cve-2021-4104: investigated: false @@ -66596,10 +66596,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Current software and earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - NONE cve-2021-45046: investigated: false affected_versions: [] @@ -66610,14 +66610,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + vendor_links: [] notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: Ecoreal XL + last_updated: '2021-12-17T00:00:00' + - vendor: Pretix + product: '' cves: cve-2021-4104: investigated: false @@ -66625,9 +66624,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -66641,13 +66639,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://pretix.eu/about/de/blog/20211213-log4j/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: EcoStruxure IT Expert + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PrimeKey + product: '' cves: cve-2021-4104: investigated: false @@ -66655,10 +66653,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -66670,13 +66667,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://support.primekey.com/news/posts/information-about-primekey-products-and-log4j-vulnerability-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: EcoStruxure IT Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Progress / IpSwitch + product: '' cves: cve-2021-4104: investigated: false @@ -66684,10 +66682,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - V1.5.0 to V1.13.0 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -66700,13 +66697,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://ecostruxureit.com/download-and-set-upecostruxureit-gateway/ + - https://www.progress.com/security notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: Eurotherm Data Reviewer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ProofPoint + product: '' cves: cve-2021-4104: investigated: false @@ -66714,9 +66711,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - V3.0.2 and prior + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -66730,13 +66726,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ - notes: '' + - https://proofpointcommunities.force.com/community/s/article/Proofpoint-Statement-Regarding-CVE-2021-44228-Java-logging-package-log4j2 + notes: This advisory is available for customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: Facility Expert Small Business + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ProSeS + product: '' cves: cve-2021-4104: investigated: false @@ -66744,10 +66741,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -66760,13 +66756,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.proses.de/en/2021/12/16/log4shell-cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: MSE + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Prosys + product: '' cves: cve-2021-4104: investigated: false @@ -66774,9 +66770,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -66790,13 +66785,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://prosysopc.com/news/important-security-release/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: NetBotz750/755 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Proxmox + product: '' cves: cve-2021-4104: investigated: false @@ -66804,9 +66799,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Software versions 5.0 through 5.3.0 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -66820,13 +66814,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: NEW630 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PRTG Paessler + product: '' cves: cve-2021-4104: investigated: false @@ -66834,9 +66828,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -66850,13 +66843,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://kb.paessler.com/en/topic/90213-is-prtg-affected-by-cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK BOM + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTC + product: Axeda Platform cves: cve-2021-4104: investigated: false @@ -66866,7 +66859,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - 6.9.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -66880,13 +66873,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.ptc.com/en/support/article/CS358990 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK-Docgen + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingsWorx Analytics cves: cve-2021-4104: investigated: false @@ -66896,7 +66889,11 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - '8.5' + - '9.0' + - '9.1' + - '9.2' + - All supported versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -66910,13 +66907,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.ptc.com/en/support/article/CS358901 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK-TNC + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingsWorx Platform cves: cve-2021-4104: investigated: false @@ -66926,7 +66923,11 @@ software: cve-2021-44228: investigated: true affected_versions: - - Current software and earlier + - '8.5' + - '9.0' + - '9.1' + - '9.2' + - All supported versions fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -66940,13 +66941,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://www.ptc.com/en/support/article/CS358901 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK-UMS + last_updated: '2021-12-17T00:00:00' + - vendor: PTV Group + product: '' cves: cve-2021-4104: investigated: false @@ -66954,9 +66955,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -66970,13 +66970,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK3D2DRenderer + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Connect Secure (ICS) cves: cve-2021-4104: investigated: false @@ -66984,9 +66984,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67000,13 +66999,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SDK3D360Widget + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Neurons for secure Access cves: cve-2021-4104: investigated: false @@ -67014,9 +67013,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67030,13 +67028,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: Select and Config DATA + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Neurons for secure Access cves: cve-2021-4104: investigated: false @@ -67044,9 +67042,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67060,13 +67057,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SNC-API + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Neurons for ZTA cves: cve-2021-4104: investigated: false @@ -67074,9 +67071,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67090,13 +67086,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SNC-CMM + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Ivanti Neurons for ZTA cves: cve-2021-4104: investigated: false @@ -67104,9 +67100,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67120,13 +67115,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SNCSEMTECH + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Connect Secure cves: cve-2021-4104: investigated: false @@ -67134,9 +67129,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67150,13 +67144,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SPIMV3 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Desktop Client cves: cve-2021-4104: investigated: false @@ -67164,9 +67158,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67180,13 +67173,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SWBEditor + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Mobile Client cves: cve-2021-4104: investigated: false @@ -67194,9 +67187,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67210,13 +67202,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: SWBEngine + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse One cves: cve-2021-4104: investigated: false @@ -67224,9 +67216,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Current software and earlier + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67240,13 +67231,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.se.com/us/en/download/document/7EN52-0390/ + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schneider Electric - product: Wiser by SE platform + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Policy Secure cves: cve-2021-4104: investigated: false @@ -67254,10 +67245,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -67269,13 +67259,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Schweitzer Engineering Laboratories - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Secure Services Director cves: cve-2021-4104: investigated: false @@ -67298,42 +67289,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://selinc.com/support/security-notifications/ + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: SCM Manager - product: '' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://scm-manager.org/blog/posts/2021-12-13-log4shell/ - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: ScreenBeam - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Secure Virtual Traffic Manager cves: cve-2021-4104: investigated: false @@ -67356,13 +67318,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://customersupport.screenbeam.com/hc/en-us/articles/4416468085389-December-2021-Security-Alert-Log4j-CVE-2021-44228 + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SDL worldServer - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse Secure Web Application Firewall cves: cve-2021-4104: investigated: false @@ -67385,13 +67347,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://gateway.sdl.com/apex/communityknowledge?articleName=000017707 + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Seagull Scientific - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pulse Secure + product: Pulse ZTA cves: cve-2021-4104: investigated: false @@ -67414,12 +67376,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.seagullscientific.com/hc/en-us/articles/4415794235543-Apache-Log4Shell-Vulnerability + - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SecurePoint + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Puppet product: '' cves: cve-2021-4104: @@ -67443,12 +67405,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securepoint.de/news/details/sicherheitsluecke-log4j-securepoint-loesungen-nicht-betroffen.html + - https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Security Onion + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pure Storage product: '' cves: cve-2021-4104: @@ -67472,13 +67434,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html - notes: '' + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22) + notes: This advisory is available for customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Securonix - product: Extended Detection and Response (XDR) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pure Storage + product: Cloud Blockstore cves: cve-2021-4104: investigated: false @@ -67488,7 +67451,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - All + - CBS6.1.x + - CBS6.2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67502,13 +67466,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf - notes: Patching ongoing as of 12/10/2021 + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: Patch expected 12/27/2021 references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Securonix - product: Next Gen SIEM + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: Flash Array cves: cve-2021-4104: investigated: false @@ -67518,7 +67482,10 @@ software: cve-2021-44228: investigated: true affected_versions: - - All + - 5.3.x + - 6.0.x + - 6.1.x + - 6.2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67532,13 +67499,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf - notes: Patching ongoing as of 12/10/2021 + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: Patch expected 12/20/2021 references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Securonix - product: Security Analytics and Operations Platform (SOAR) + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: FlashBlade cves: cve-2021-4104: investigated: false @@ -67548,36 +67515,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - All - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf - notes: Patching ongoing as of 12/10/2021 - references: - - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Securonix - product: SNYPR Application - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] + - 3.1.x + - 3.2.x + - 3.3.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67591,13 +67531,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-OnPrem-Customer-Update.pdf - notes: '' + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: Patch expected 12/24/2021 references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Securonix - product: User and Entity Behavior Analytics(UEBA) + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: PortWorx cves: cve-2021-4104: investigated: false @@ -67607,7 +67547,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - All + - 2.8.0+ fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67621,13 +67561,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf - notes: Patching ongoing as of 12/10/2021 + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Seeburger - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pure Storage + product: Pure1 cves: cve-2021-4104: investigated: false @@ -67635,9 +67575,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - N/A unaffected_versions: [] cve-2021-45046: investigated: false @@ -67650,13 +67591,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://servicedesk.seeburger.de/portal/en-US/Knowledge/Article/?defId=101040&id=25486312&COMMAND=Open - notes: This advisory is available to customers only and has not been reviewed - by CISA. + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SentinelOne + last_updated: '2021-12-15T00:00:00' + - vendor: Pyramid Analytics product: '' cves: cve-2021-4104: @@ -67680,12 +67620,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sentinelone.com/blog/cve-2021-44228-staying-secure-apache-log4j-vulnerability/ + - https://community.pyramidanalytics.com/t/83hjjt4/log4j-security-vulnerability-pyramid notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Sentry + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QF-Test product: '' cves: cve-2021-4104: @@ -67709,12 +67649,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.sentry.io/2021/12/15/sentrys-response-to-log4j-vulnerability-cve-2021-44228 + - https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SEP + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Qlik product: '' cves: cve-2021-4104: @@ -67738,13 +67678,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.sep.de/otrs/public.pl?Action=PublicFAQZoom;ItemID=132 + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Server Eye - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QMATIC + product: Appointment Booking cves: cve-2021-4104: investigated: false @@ -67752,8 +67692,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2.4+ fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67767,13 +67708,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.server-eye.de/blog/sicherheitsluecke-log4j-server-eye-systeme-sind-nicht-betroffen/ - notes: '' + - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability + notes: Update to v. 2.8.2 which contains log4j 2.16 references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: ServiceNow - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: QMATIC + product: Appointment Booking cves: cve-2021-4104: investigated: false @@ -67781,8 +67722,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Cloud/Managed Service fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67796,13 +67738,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959 - notes: '' + - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability + notes: log4j 2.16 applied 2021-12-15 references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Shibboleth - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: QMATIC + product: Insights cves: cve-2021-4104: investigated: false @@ -67810,8 +67752,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Cloud fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -67825,13 +67768,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - http://shibboleth.net/pipermail/announce/2021-December/000253.html - notes: '' + - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability + notes: log4j 2.16 applied 2021-12-16 references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Shibboleth - product: All Products + last_updated: '2021-12-21T00:00:00' + - vendor: QMATIC + product: Orchestra Central cves: cve-2021-4104: investigated: false @@ -67843,8 +67786,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Identity Provider>=3.0 - - All other software versions + - 6.0+ cve-2021-45046: investigated: false affected_versions: [] @@ -67856,12 +67798,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://shibboleth.net/pipermail/announce/2021-December/000253.html + - https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-10T00:00:00' - - vendor: Shopify + last_updated: '2021-12-21T00:00:00' + - vendor: QNAP product: '' cves: cve-2021-4104: @@ -67885,12 +67827,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.shopify.com/c/technical-q-a/is-shopify-affected-by-the-log4j-vulnerability/td-p/1417625 + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Siebel + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QOPPA product: '' cves: cve-2021-4104: @@ -67914,73 +67856,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siebelhub.com/main/2021/12/log4j-vulnerability-cve-2021-44228-and-siebel-crm.html + - https://kbdeveloper.qoppa.com/cve-2021-44228-apache-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Siemens - product: Affected Products - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens - product: Affected Products - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' - references: - - '' - last_updated: '2021-12-19T00:00:00' - - vendor: Siemens Energy - product: Affected Products + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QSC Q-SYS + product: '' cves: cve-2021-4104: investigated: false @@ -68003,14 +67885,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' + - https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Siemens Energy - product: Affected Products + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QT + product: '' cves: cve-2021-4104: investigated: false @@ -68033,14 +67914,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' + - https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability + notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Siemens Energy - product: Affected Products + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest Global + product: '' cves: cve-2021-4104: investigated: false @@ -68063,14 +67943,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf - notes: 'Siemens requests: See pdf for the complete list of affected products, - CSAF for automated parsing of data' + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global + notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Siemens Healthineers - product: ATELLICA DATA MANAGER v1.1.1 / v1.2.1 / v1.3.1 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: R + product: R cves: cve-2021-4104: investigated: false @@ -68078,10 +67957,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 4.1.1 cve-2021-45046: investigated: false affected_versions: [] @@ -68093,15 +67973,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: If you have determined that your Atellica Data Manager has a “Java communication - engine” service, and you require an immediate mitigation, then please contact - your Siemens Customer Care Center or your local Siemens technical support representative. + - https://www.r-project.org/ + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: CENTRALINK v16.0.2 / v16.0.3 + last_updated: '2021-12-21T00:00:00' + - vendor: R2ediviewer + product: '' cves: cve-2021-4104: investigated: false @@ -68124,15 +68002,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: If you have determined that your CentraLink has a “Java communication engine” - service, and you require a mitigation, then please contact your Siemens Customer - Care Center or your local Siemens technical support representative. + - https://r2ediviewer.de/DE/reload.html?Change-log_17858584.html + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Cios Flow S1 / Alpha / Spin VA30 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Radware + product: '' cves: cve-2021-4104: investigated: false @@ -68155,13 +68031,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + - https://support.radware.com/app/answers/answer_view/a_id/1029752 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Cios Select FD/I.I. VA21 / VA21-S3P + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rapid7 + product: AlcidekArt, kAdvisor, and kAudit cves: cve-2021-4104: investigated: false @@ -68169,10 +68045,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -68184,13 +68061,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: DICOM Proxy VB10A + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: AppSpider Enterprise cves: cve-2021-4104: investigated: false @@ -68198,10 +68075,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -68213,13 +68091,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.All, Som10 VA20 / VA30 / VA40 + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: AppSpider Pro cves: cve-2021-4104: investigated: false @@ -68227,10 +68105,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -68242,14 +68121,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Fit, Som10 VA30 + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Insight Agent cves: cve-2021-4104: investigated: false @@ -68257,10 +68135,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -68272,14 +68151,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Now, Som10 VA10 / VA20 / VA30 / VA40 + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightAppSec Scan Engine cves: cve-2021-4104: investigated: false @@ -68287,10 +68165,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -68302,14 +68181,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Open Pro, Som10 VA30 / VA40 + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightAppSec Scan Engine cves: cve-2021-4104: investigated: false @@ -68317,10 +68195,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -68332,14 +68211,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Sim, Som10 VA30 / VA40 + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightCloudSec/DivvyCloud cves: cve-2021-4104: investigated: false @@ -68347,10 +68225,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -68362,14 +68241,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Top, Som10 VA20 / VA20A_SP5 / VA30 / VA40 + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightConnect Orchestrator cves: cve-2021-4104: investigated: false @@ -68377,10 +68255,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -68392,14 +68271,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: go.Up, Som10 VA10 / VA20 / VA30 / VA40 + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightIDR Network Sensor cves: cve-2021-4104: investigated: false @@ -68407,10 +68285,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -68422,15 +68301,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM AERA 1,5T, MAGNETOM PRISMA, MAGNETOM PRISMA FIT, MAGNETOM SKYRA - 3T NUMARIS/X VA30A + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightIDR/InsightOps Collector & Event Sources cves: cve-2021-4104: investigated: false @@ -68438,10 +68315,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -68453,15 +68331,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Altea NUMARIS/X VA20A + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightOps DataHub cves: cve-2021-4104: investigated: false @@ -68469,8 +68345,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - InsightOps DataHub <= 2.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68484,16 +68361,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Upgrade [DataHub to version 2.0.1](https://rep.logentries.com/datahub/DataHub_2.0.1.deb) + using the [following instructions](https://docs.rapid7.com/insightops/setting-up-datahub/). references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM ALTEA, MAGNETOM LUMINA, MAGNETOM SOLA, MAGNETOM VIDA NUMARIS/X - VA31A + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightOps non-Java logging libraries cves: cve-2021-4104: investigated: false @@ -68501,10 +68376,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -68516,15 +68392,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Amira NUMARIS/X VA12M + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightOps r7insight_java logging library cves: cve-2021-4104: investigated: false @@ -68532,8 +68406,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <=3.0.8 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68547,15 +68422,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Upgrade [r7insight_java](https://github.com/rapid7/r7insight_java) to 3.0.9 references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Free.Max NUMARIS/X VA40 + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM Kubernetes Monitor cves: cve-2021-4104: investigated: false @@ -68563,10 +68436,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -68578,15 +68452,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Lumina NUMARIS/X VA20A + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM/Nexpose cves: cve-2021-4104: investigated: false @@ -68594,10 +68466,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -68609,15 +68482,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Sempra NUMARIS/X VA12M + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM/Nexpose Console cves: cve-2021-4104: investigated: false @@ -68625,10 +68496,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -68640,15 +68512,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” + packaged in them. This is a different library than log4j-core and is not vulnerable + to Log4Shell. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Sola fit NUMARIS/X VA20A + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: InsightVM/Nexpose Engine cves: cve-2021-4104: investigated: false @@ -68656,10 +68528,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -68671,15 +68544,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Installations of the InsightVM/Nexpose have “log4j-over-slf4j-1.7.7.jar” + packaged in them. This is a different library than log4j-core and is not vulnerable + to Log4Shell. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Sola NUMARIS/X VA20A + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: IntSights virtual appliance cves: cve-2021-4104: investigated: false @@ -68687,10 +68560,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -68702,15 +68576,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Vida fit NUMARIS/X VA20A + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Logentries DataHub cves: cve-2021-4104: investigated: false @@ -68718,8 +68590,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Linux version <= 1.2.0.820; Windows version <= 1.2.0.820 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68733,15 +68606,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: 'Linux: Install DataHub_1.2.0.822.deb using the following [instructions](https://docs.logentries.com/docs/datahub-linux). + Windows: Run version 1.2.0.822 in a Docker container or as a Java command per + these [instructions](https://docs.logentries.com/docs/datahub-windows). You + can find more details [here](https://docs.logentries.com/docs/datahub-linux).' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: MAGNETOM Vida NUMARIS/X VA10A* / VA20A + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Logentries le_java logging library cves: cve-2021-4104: investigated: false @@ -68749,8 +68623,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 'All versions: this is a deprecated component' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -68764,15 +68639,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'LOG4J is used in the context of the help system. Workaround: close port - 8090 for standalone systems. Setup IP whitelisting for "need to access" systems - to network port 8090 in case a second console is connected.' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Migrate to version 3.0.9 of [r7insight_java](https://github.com/rapid7/r7insight_java) references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: SENSIS DMCC / DMCM / TS / VM / PPWS / DS VD12A + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Metasploit Framework cves: cve-2021-4104: investigated: false @@ -68780,10 +68653,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -68795,13 +68669,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Somatom Emotion Som5 VC50 + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Metasploit Pro cves: cve-2021-4104: investigated: false @@ -68809,10 +68683,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -68824,13 +68699,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: Metasploit Pro ships with log4j but has specific configurations applied + to it that mitigate Log4Shell. A future update will contain a fully patched + version of log4j. references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Somatom Scope Som5 VC50 + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: tCell Java Agent cves: cve-2021-4104: investigated: false @@ -68838,10 +68715,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -68853,13 +68731,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: evaluation ongoing + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Syngo Carbon Space VA10A / VA10A-CUT2 / VA20A + last_updated: '2021-12-15T00:00:00' + - vendor: Rapid7 + product: Velociraptor cves: cve-2021-4104: investigated: false @@ -68867,10 +68745,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - on-prem cve-2021-45046: investigated: false affected_versions: [] @@ -68882,13 +68761,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + - https://www.rapid7.com/blog/post/2021/12/14/update-on-log4shells-impact-on-rapid7-solutions-and-systems/?mkt_tok=NDExLU5BSy05NzAAAAGBVaccW1DOLSfEsfTNwEJksv_1nK1muJSFze-Lle90mKtAO78nSdjwPdzqXskNIi9qZCAGQODD42mYRK4YPlQkjhn38E27HQxFHdHAkypEOsh8 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: Syngo MobileViewer VA10A + last_updated: '2021-12-15T00:00:00' + - vendor: Raritan + product: '' cves: cve-2021-4104: investigated: false @@ -68911,14 +68790,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: The vulnerability will be patch/mitigated in upcoming releases\patches. + - https://www.raritan.com/support + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: syngo Plaza VB20A / VB20A_HF01 - HF07 / VB30A / VB30A_HF01 / VB30A_HF02 - / VB30B / VB30C / VB30C_HF01 - HF06 / VB30C_HF91 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ravelin + product: '' cves: cve-2021-4104: investigated: false @@ -68941,14 +68819,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + - https://syslog.ravelin.com/log4shell-cve-2021-44228-4338bb8da67b + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: syngo Workflow MLR VB37A / VB37A_HF01 / VB37A_HF02 / VB37B / VB37B_HF01 - - HF07 / VB37B_HF93 / VB37B_HF94 / VB37B_HF96 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Real-Time Innovations (RTI) + product: Distributed Logger cves: cve-2021-4104: investigated: false @@ -68971,16 +68848,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: Please contact your Customer Service to get support on mitigating the vulnerability. + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: syngo.via VB20A / VB20A_HF01 - HF08 / VB20A_HF91 / VB20B / VB30A / VB30A_HF01 - - VB30A_HF08 / VB30A_HF91VB30B / VB30B_HF01 / VB40A / VB40A_HF01 - HF02 /VB40B - / VB40B_HF01 - HF05 / VB50A / VB50A_CUT / VB50A_D4VB50B / VB50B_HF01 - HF03 - / VB60A / VB60A_CUT / VB60A_D4 / VB60A_HF01 + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: Recording Console cves: cve-2021-4104: investigated: false @@ -69003,13 +68877,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: syngo.via WebViewer VA13B / VA20A / VA20B + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Administration Console cves: cve-2021-4104: investigated: false @@ -69032,13 +68906,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: remove the vulnerable class from the .jar file' + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: X.Ceed Somaris 10 VA40* + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Code Generator cves: cve-2021-4104: investigated: false @@ -69061,14 +68935,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Siemens Healthineers - product: X.Cite Somaris 10 VA30*/VA40* + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Code Generator Server cves: cve-2021-4104: investigated: false @@ -69091,14 +68964,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 - from other devices by configuration of the hospital network.' + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Sierra Wireless - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Micro Application Generator (MAG) cves: cve-2021-4104: investigated: false @@ -69106,8 +68978,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - as part of RTI Connext Micro 3.0.0 + - 3.0.1 + - 3.0.2 + - 3.0.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69121,13 +68997,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/ + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Sierra Wireless - product: AirVantage and Octave cloud platforms + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Micro Application Generator (MAG) cves: cve-2021-4104: investigated: false @@ -69135,8 +69011,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - as part of RTI Connext Professional 6.0.0 and 6.0.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69150,14 +69027,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs - notes: These systems do not operate with the specific non-standard configuration - required for CVE-2021-25046 and hence were not vulnerable to it. + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products + notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Sierra Wireless - product: AM/AMM servers + last_updated: '2021-12-16T00:00:00' + - vendor: Real-Time Innovations (RTI) + product: RTI Monitor cves: cve-2021-4104: investigated: false @@ -69180,13 +69056,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs + - https://community.rti.com/kb/apache-log4j-vulnerability-cve-2021-44228cve-2021-45046-impact-rti-connext-products notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Signald - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: Red Hat + product: log4j-core cves: cve-2021-4104: investigated: false @@ -69209,13 +69085,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://gitlab.com/signald/signald/-/issues/259 + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Silver Peak - product: Orchestrator, Silver Peak GMS + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Integration Camel K cves: cve-2021-4104: investigated: false @@ -69238,16 +69114,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.arubanetworks.com/website/techdocs/sdwan/docs/advisories/media/security_advisory_notice_apache_log4j2_cve_2021_44228.pdf - notes: Customer managed Orchestrator and legacy GMS products are affected by this - vulnerability. This includes on-premise and customer managed instances running - in public cloud services such as AWS, Azure, Google, or Oracle Cloud. See Corrective - Action Required for details about how to mitigate this exploit. + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5130](https://access.redhat.com/errata/RHSA-2021:5130)' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: SingleWire - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat build of Quarkus cves: cve-2021-4104: investigated: false @@ -69270,14 +69143,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.singlewire.com/s/article/Apache-Log4j2-vulnerability-CVE-2021-44228 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SISCO - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat CodeReady Studio cves: cve-2021-4104: investigated: false @@ -69285,9 +69157,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 12.21.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -69300,13 +69173,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sisconet.com/sisco-news/log4j/ - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[CRS 12.21.1 Patch](https://developers.redhat.com/products/codeready-studio/download?source=sso)' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Sitecore - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Data Grid cves: cve-2021-4104: investigated: false @@ -69314,10 +69187,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '8' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5132](http://access.redhat.com/errata/RHSA-2021:5132)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Decision Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '7' cve-2021-45046: investigated: false affected_versions: [] @@ -69329,13 +69233,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1001391 + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Skillable - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Enterprise Linux cves: cve-2021-4104: investigated: false @@ -69343,10 +69247,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '6' cve-2021-45046: investigated: false affected_versions: [] @@ -69358,13 +69263,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://skillable.com/log4shell/ + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SLF4J - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Enterprise Linux cves: cve-2021-4104: investigated: false @@ -69372,10 +69277,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '7' cve-2021-45046: investigated: false affected_versions: [] @@ -69387,13 +69293,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - http://slf4j.org/log4shell.html + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Slurm - product: Slurm + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Enterprise Linux cves: cve-2021-4104: investigated: false @@ -69405,7 +69311,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 20.11.8 + - '8' cve-2021-45046: investigated: false affected_versions: [] @@ -69417,13 +69323,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://slurm.schedmd.com/documentation.html + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: SMA Solar Technology AG - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat Integration Camel Quarkus cves: cve-2021-4104: investigated: false @@ -69446,13 +69352,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://files.sma.de/downloads/HK_Log4j-en-10.pdf?_ga=2.237963714.352491368.1640298543-2015796445.1640298540 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5126](https://access.redhat.com/errata/RHSA-2021:5126)' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: SmartBear - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss A-MQ Streaming cves: cve-2021-4104: investigated: false @@ -69475,13 +69381,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://smartbear.com/security/cve-2021-44228/ - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5138](https://access.redhat.com/errata/RHSA-2021:5138)' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SmileCDR - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss Enterprise Application Platform cves: cve-2021-4104: investigated: false @@ -69489,10 +69395,43 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: "[Maven Patch](https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=appplatform&downloadType=securityPatches&version=7.4)\ + \ - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't\ + \ affected." + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss Enterprise Application Platform Expansion Pack + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '7' cve-2021-45046: investigated: false affected_versions: [] @@ -69504,13 +69443,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.smilecdr.com/our-blog/a-statement-on-log4shell-cve-2021-44228 + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Sn0m - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: Red Hat + product: Red Hat JBoss Fuse cves: cve-2021-4104: investigated: false @@ -69518,10 +69457,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5134](https://access.redhat.com/errata/RHSA-2021:5134)' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Process Automation + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '7' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69533,13 +69503,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.snom.com/en/press/log4j-poses-no-threat-snom-phones/ - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: "[Maven Patch](https://access.redhat.com/jbossnetwork/restricted/softwareDetail.html?softwareId=103671&product=rhpam&version=7.11.1&downloadType=patches)\ + \ - Affects only the Mavenized distribution. Container, Zip and RPM distro aren't\ + \ affected." references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Snakemake - product: Snakemake + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Red Hat Single Sign-On cves: cve-2021-4104: investigated: false @@ -69551,7 +69523,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 6.12.1 + - '7' cve-2021-45046: investigated: false affected_versions: [] @@ -69563,13 +69535,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://snakemake.readthedocs.io/en/stable/ + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Snow Software - product: Snow Commander + - vendor: Red Hat + product: Red Hat Vert.X cves: cve-2021-4104: investigated: false @@ -69580,7 +69552,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 8.1 to 8.10.2 + - '4' unaffected_versions: [] cve-2021-45046: investigated: false @@ -69593,13 +69565,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.snowsoftware.com/s/feed/0D5690000B4U6hUCQS - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5093](https://access.redhat.com/errata/RHSA-2021:5093)' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Snow Software - product: VM Access Proxy + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Satellite 5 cves: cve-2021-4104: investigated: false @@ -69607,10 +69579,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - v3.1 to v3.6 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -69623,13 +69594,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.snowsoftware.com/s/feed/0D5690000B4U6hUCQS + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Snowflake - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat + product: Spacewalk cves: cve-2021-4104: investigated: false @@ -69652,13 +69623,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.snowflake.com/s/article/No-Snowflake-exposure-to-Apache-Log4j-vulnerability-CVE-2021-44228 + - https://access.redhat.com/security/cve/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Snyk - product: Cloud Platform + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 3.11 + product: openshift3/ose-logging-elasticsearch5 cves: cve-2021-4104: investigated: false @@ -69681,13 +69652,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://updates.snyk.io/snyk%27s-cloud-platform-all-clear-from-log4j-exploits-216499 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '[RHSA-2021:5094](http://access.redhat.com/errata/RHSA-2021:5094)' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Software AG - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 4 + product: openshift4/ose-logging-elasticsearch6 cves: cve-2021-4104: investigated: false @@ -69710,13 +69681,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tech.forums.softwareag.com/t/log4j-zero-day-vulnerability/253849 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: SolarWinds - product: Database Performance Analyzer (DPA) + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 4 + product: openshift4/ose-metering-hive cves: cve-2021-4104: investigated: false @@ -69724,11 +69696,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - 2021.1.x - - 2021.3.x - - 2022.1.x + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69742,13 +69711,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 - notes: 'For more information, please see the following KB article: [link](https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US)' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: SolarWinds - product: Orion Platform + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Container Platform 4 + product: openshift4/ose-metering-presto cves: cve-2021-4104: investigated: false @@ -69771,13 +69741,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: SolarWinds - product: Server & Application Monitor (SAM) + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenShift Logging + product: logging-elasticsearch6-container cves: cve-2021-4104: investigated: false @@ -69785,9 +69756,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - SAM 2020.2.6 and later + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -69801,14 +69771,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 - notes: 'For more information, please see the following KB article for the latest - details specific to the SAM hotfix: [link](https://support.solarwinds.com/SuccessCenter/s/article/Server-Application-Monitor-SAM-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US)' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: Please refer to Red Hat Customer Portal to find the right errata for your + version. references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: SonarSource - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat OpenStack Platform 13 (Queens) + product: opendaylight cves: cve-2021-4104: investigated: false @@ -69831,13 +69801,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721 - notes: '' + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: End of Life references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Sonatype - product: All Products + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat Software Collections + product: rh-java-common-log4j cves: cve-2021-4104: investigated: false @@ -69845,11 +69815,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -69861,17 +69830,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.sonatype.com/docs/important-announcements/sonatype-product-log4j-vulnerability-status - notes: Sonatype uses logback as the default logging solution as opposed to log4j. - This means our software including Nexus Lifecycle, Nexus Firewall, Nexus Repository - OSS and Nexus Repository Pro in versions 2.x and 3.x are NOT affected by the - reported log4j vulnerabilities. We still advise keeping your software upgraded - at the latest version. + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-29T00:00:00' - - vendor: SonicWall - product: Access Points + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat Software Collections + product: rh-maven35-log4j12 cves: cve-2021-4104: investigated: false @@ -69894,13 +69859,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the SonicWall Access Points + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Analytics + last_updated: '2021-12-21T00:00:00' + - vendor: Red Hat Software Collections + product: rh-maven36-log4j12 cves: cve-2021-4104: investigated: false @@ -69923,13 +69888,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + - https://access.redhat.com/security/cve/cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Analyzer + last_updated: '2021-12-21T00:00:00' + - vendor: Red5Pro + product: '' cves: cve-2021-4104: investigated: false @@ -69952,13 +69917,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + - https://www.red5pro.com/blog/red5-marked-safe-from-log4j-and-log4j2-zero-day/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Capture Client & Capture Client Portal + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RedGate + product: '' cves: cve-2021-4104: investigated: false @@ -69981,13 +69946,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the Capture Client. + - https://www.red-gate.com/privacy-and-security/vulnerabilities/2021-12-15-log4j-statement + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Capture Security Appliance + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Redis + product: '' cves: cve-2021-4104: investigated: false @@ -70010,13 +69975,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the Capture Security appliance. + - https://redis.com/security/notice-apache-log4j2-cve-2021-44228/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: CAS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Reiner SCT + product: '' cves: cve-2021-4104: investigated: false @@ -70039,13 +70004,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + - https://forum.reiner-sct.com/index.php?/topic/5973-timecard-und-log4j-schwachstelle/&do=findComment&comment=14933 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Email Security + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ReportURI + product: '' cves: cve-2021-4104: investigated: false @@ -70068,13 +70033,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: ES 10.0.11 and earlier versions are impacted + - https://scotthelme.co.uk/responding-to-the-log4j-2-vulnerability/ + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: SonicWall - product: Gen5 Firewalls (EOS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ResMed + product: AirView cves: cve-2021-4104: investigated: false @@ -70097,13 +70062,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the appliance. + - https://www.resmed.com/en-us/security/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Gen6 Firewalls + last_updated: '2021-12-21T00:00:00' + - vendor: ResMed + product: myAir cves: cve-2021-4104: investigated: false @@ -70126,13 +70091,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the appliance. + - https://www.resmed.com/en-us/security/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: Gen7 Firewalls + last_updated: '2021-12-21T00:00:00' + - vendor: Respondus + product: '' cves: cve-2021-4104: investigated: false @@ -70155,13 +70120,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the appliance. + - https://support.respondus.com/support/index.php?/News/NewsItem/View/339 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: GMS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Revenera / Flexera + product: '' cves: cve-2021-4104: investigated: false @@ -70184,13 +70150,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + - https://community.flexera.com/t5/Revenera-Company-News/Security-Advisory-Log4j-Java-Vulnerability-CVE-2021-44228/ba-p/216905 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: MSW + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ricoh + product: '' cves: cve-2021-4104: investigated: false @@ -70213,13 +70179,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Mysonicwall service doesn't use Log4j + - https://www.ricoh.com/info/2021/1215_1/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: NSM + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RingCentral + product: '' cves: cve-2021-4104: investigated: false @@ -70242,13 +70208,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: NSM On-Prem and SaaS doesn't use a vulnerable version + - https://www.ringcentral.com/trust-center/security-bulletin.html + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: SMA 100 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Riverbed + product: '' cves: cve-2021-4104: investigated: false @@ -70271,13 +70237,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the SMA100 appliance. + - https://supportkb.riverbed.com/support/index?page=content&id=S35645 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: SMA 1000 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rockwell Automation + product: FactoryTalk Analytics DataFlowML cves: cve-2021-4104: investigated: false @@ -70285,8 +70251,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 4.00.00 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -70300,13 +70267,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Version 12.1.0 and 12.4.1 doesn't use a vulnerable version + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: SonicCore + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: FactoryTalk Analytics DataView cves: cve-2021-4104: investigated: false @@ -70314,8 +70281,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 3.03.00 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -70329,13 +70297,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: SonicCore doesn't use a Log4j2 + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: SonicWall Switch + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: Industrial Data Center cves: cve-2021-4104: investigated: false @@ -70343,9 +70311,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Gen 1 + - Gen 2 + - Gen 3 + - Gen 3.5 unaffected_versions: [] cve-2021-45046: investigated: false @@ -70358,13 +70330,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the SonicWall Switch. + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: WAF + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: MES EIG cves: cve-2021-4104: investigated: false @@ -70372,8 +70344,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 3.03.00 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -70387,13 +70360,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Under Review + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: Customers should upgrade to EIG Hub if possible or work with their local + representatives about alternative solutions. references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: WNM + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: VersaVirtual cves: cve-2021-4104: investigated: false @@ -70401,9 +70375,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Series A unaffected_versions: [] cve-2021-45046: investigated: false @@ -70416,13 +70391,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: Log4j2 not used in the WNM. + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SonicWall - product: WXA + last_updated: '2021-12-15T00:00:00' + - vendor: Rockwell Automation + product: Warehouse Management cves: cve-2021-4104: investigated: false @@ -70430,8 +70405,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 4.01.00 + - 4.02.00 + - 4.02.01 + - 4.02.02 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -70445,13 +70424,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 - notes: WXA doesn't use a vulnerable version + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Cloud Optix + last_updated: '2021-12-15T00:00:00' + - vendor: Rollbar + product: '' cves: cve-2021-4104: investigated: false @@ -70474,15 +70453,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Users may have noticed a brief outage around 12:30 GMT as updates were - deployed. There was no evidence that the vulnerability was exploited and to - our knowledge no customers are impacted. + - https://rollbar.com/blog/log4j-zero-day-2021-log4shell/ + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Reflexion + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rosette.com + product: '' cves: cve-2021-4104: investigated: false @@ -70505,13 +70482,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Reflexion does not run an exploitable configuration. + - https://support.rosette.com/hc/en-us/articles/4416216525965-Log4j-Vulnerability + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: SG UTM (all versions) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Authentication Manager cves: cve-2021-4104: investigated: false @@ -70533,14 +70510,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos SG UTM does not use Log4j. + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: SG UTM Manager (SUM) (all versions) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Authentication Manager Prime cves: cve-2021-4104: investigated: false @@ -70548,11 +70524,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -70563,14 +70538,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: SUM does not use Log4j. + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos Central + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Authentication Manager WebTier cves: cve-2021-4104: investigated: false @@ -70592,14 +70566,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos Central does not run an exploitable configuration. + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos Firewall (all versions) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Governance and Lifecycle cves: cve-2021-4104: investigated: false @@ -70621,14 +70594,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos Firewall does not use Log4j. + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos Home + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Governance and Lifecycle Cloud cves: cve-2021-4104: investigated: false @@ -70650,14 +70622,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos Home does not use Log4j. + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos Mobile + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA + product: SecurID Identity Router cves: cve-2021-4104: investigated: false @@ -70679,15 +70650,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos Mobile (in Central, SaaS, and on-premises) does not run an exploitable - configuration. + vendor_links: [] + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos Mobile EAS Proxy + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: RSA Netwitness + product: '' cves: cve-2021-4104: investigated: false @@ -70695,9 +70664,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < 9.7.2 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -70711,17 +70679,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: The Sophos Mobile EAS Proxy, running in Traffic Mode, is affected. Customers - will need to download and install version 9.7.2, available from Monday December - 13, 2021, on the same machine where it is currently running. PowerShell mode - is not affected. Customers can download the Standalone EAS Proxy Installer version - 9.7.2 from the Sophos website. + - https://community.rsa.com/t5/netwitness-platform-product/netwitness-apache-vulnerability-log4j2-cve-2021-44228-nbsp/ta-p/660540 + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Sophos - product: Sophos ZTNA + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Rstudioapi + product: Rstudioapi cves: cve-2021-4104: investigated: false @@ -70729,10 +70693,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '0.13' cve-2021-45046: investigated: false affected_versions: [] @@ -70744,12 +70709,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce - notes: Sophos ZTNA does not use Log4j. + - https://github.com/rstudio/rstudioapi + notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: SOS Berlin + last_updated: '2021-12-21T00:00:00' + - vendor: Rubrik product: '' cves: cve-2021-4104: @@ -70773,13 +70738,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.sos-berlin.com/en/news-mitigation-log4j-vulnerability - notes: '' + - https://support.rubrik.com/s/announcementdetail?Id=a406f000001PwOcAAK + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:55+00:00' - - vendor: Spacelabs Healthcare - product: ABP + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ruckus + product: Virtual SmartZone (vSZ) cves: cve-2021-4104: investigated: false @@ -70788,12 +70754,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 5.1 to 6.0 fixed_versions: [] - unaffected_versions: - - OnTrak - - 90217A - - and 90207 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -70805,13 +70769,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://support.ruckuswireless.com/security_bulletins/313 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: CardioExpress + last_updated: '2021-12-13T00:00:00' + - vendor: RunDeck by PagerDuty + product: '' cves: cve-2021-4104: investigated: false @@ -70819,13 +70783,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - SL6A - - SL12A - - and SL18A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -70837,13 +70798,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://docs.rundeck.com/docs/history/CVEs/ notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: DM3 and DM4 Monitors + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Runecast + product: Runecast Analyzer cves: cve-2021-4104: investigated: false @@ -70851,9 +70812,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 6.0.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -70866,13 +70828,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://www.runecast.com/release-notes notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Eclipse Pro + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SAE-IT + product: '' cves: cve-2021-4104: investigated: false @@ -70895,13 +70857,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://www.sae-it.com/nc/de/news/sicherheitsmeldungen.html notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: EVO + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SAFE FME Server + product: '' cves: cve-2021-4104: investigated: false @@ -70924,13 +70886,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://community.safe.com/s/article/Is-FME-Server-Affected-by-the-Security-Vulnerability-Reported-Against-log4j notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Intesys Clinical Suite (ICS) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SAGE + product: '' cves: cve-2021-4104: investigated: false @@ -70953,13 +70915,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + - https://www.sagecity.com/sage-global-solutions/sage-crm/f/sage-crm-announcements-news-and-alerts/178655/advisory-apache-log4j-vulnerability-cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Intesys Clinical Suite (ICS) Clinical Access Workstations + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SailPoint + product: '' cves: cve-2021-4104: investigated: false @@ -70982,13 +70944,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ - notes: '' + - https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-log4j-Remote-Code-Execution-Vulnerability/ba-p/206681 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Lifescreen Pro + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Salesforce + product: Analytics Cloud cves: cve-2021-4104: investigated: false @@ -71011,13 +70974,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: '"Analytics Cloud is reported to be affected by CVE-2021-44228. Services + have been updated to mitigate the issues identified in CVE-2021-44228 and we + are executing our final validation steps."' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Pathfinder SL + last_updated: '2021-12-15T00:00:00' + - vendor: Salesforce + product: B2C Commerce Cloud cves: cve-2021-4104: investigated: false @@ -71040,13 +71005,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: '"B2C Commerce Cloud is reported to be affected by CVE-2021-44228. The + service is being updated to remediate the vulnerability identified in CVE-2021-44228."' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Qube + last_updated: '2021-12-15T00:00:00' + - vendor: Salesforce + product: ClickSoftware (As-a-Service) cves: cve-2021-4104: investigated: false @@ -71054,41 +71020,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '91390' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ - notes: '' - references: - - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Qube Mini - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '91389' cve-2021-45046: investigated: false affected_versions: [] @@ -71100,13 +71035,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: '"ClickSoftware (As-a-Service) is reported to be affected by CVE-2021-44228. + The service is being updated to remediate the vulnerability identified in CVE-2021-44228."' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: SafeNSound + last_updated: '2021-12-15T00:00:00' + - vendor: Salesforce + product: ClickSoftware (On-Premise) cves: cve-2021-4104: investigated: false @@ -71114,10 +71050,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 4.3.1 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -71130,13 +71065,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ - notes: Version >4.3.1 - Not Affected + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: '"Please contact Customer Support."' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Sentinel + last_updated: '2021-12-15T00:00:00' + - vendor: Salesforce + product: Community Cloud cves: cve-2021-4104: investigated: false @@ -71159,13 +71094,5681 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: '"Community Cloud is reported to be affected by CVE-2021-44228. The service + is being updated to remediate the vulnerability identified in CVE-2021-44228."' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Spacelabs Healthcare - product: Spacelabs Cloud + last_updated: '2021-12-15T00:00:00' + - vendor: Salesforce + product: Data.com + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: '"Data.com is reported to be affected by CVE-2021-44228. The service has + a mitigation in place and is being updated to remediate the vulnerability identified in + CVE-2021-44228."' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Salesforce + product: DataLoader + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - <=53.0.0 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.1 + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Salesforce + product: Datorama + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: '"Datorama is reported to be affected by CVE-2021-44228. The service has + a mitigation in place and is being updated to remediate the vulnerability identified in + CVE-2021-44228."' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Salesforce + product: Evergage (Interaction Studio) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: '"Evergage (Interaction Studio) is reported to be affected by CVE-2021-44228. + Services have been updated to mitigate the issues identified in CVE-2021-44228 + and we are executing our final validation steps."' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Salesforce + product: Force.com + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: '"Force.com is reported to be affected by CVE-2021-44228. The service is + being updated to remediate the vulnerability identified in CVE-2021-44228."' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Salesforce + product: Heroku + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: '"Heroku is reported to not be affected by CVE-2021-44228; no further action + is necessary at this time."' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Salesforce + product: Marketing Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: '"Marketing Cloud is reported to be affected by CVE-2021-44228. The service + is being updated to remediate the vulnerability identified in CVE-2021-44228."' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Salesforce + product: MuleSoft (Cloud) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: '"MuleSoft (Cloud) is reported to be affected by CVE-2021-44228. The service + is being updated to remediate the vulnerability identified in CVE-2021-44228."' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Salesforce + product: MuleSoft (On-Premise) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: '"Please contact Customer Support."' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Salesforce + product: Pardot + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: '"Pardot is reported to be affected by CVE-2021-44228. The service is being + updated to remediate the vulnerability identified in CVE-2021-44228."' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Salesforce + product: Sales Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: '"Sales Cloud is reported to be affected by CVE-2021-44228. The service + is being updated to remediate the vulnerability identified in CVE-2021-44228."' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Salesforce + product: Service Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: '"Service Cloud is reported to be affected by CVE-2021-44228. The service + is being updated to remediate the vulnerability identified in CVE-2021-44228."' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Salesforce + product: Slack + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: '"Slack is reported to be affected by CVE-2021-44228. The service has a + mitigation in place and is being updated to remediate the vulnerability identified in + CVE-2021-44228."' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Salesforce + product: Social Studio + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: '"Social Studio is reported to be affected by CVE-2021-44228. The service + has a mitigation in place and is being updated to remediate the vulnerability + identified in CVE-2021-44228."' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Salesforce + product: Tableau (On-Premise) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 2021.4.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell + notes: Fixed in 2021.4.1 + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Salesforce + product: Tableau (Online) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: '"Tableau (Online) is reported to be affected by CVE-2021-44228. The service + is being updated to remediate the vulnerability identified in CVE-2021-44228."' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Samsung Electronics America + product: Knox Admin Portal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Asset Intelligence + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Configure + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox E-FOTA One + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Guard + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox License Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Manage + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Managed Services Provider (MSP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Mobile Enrollment + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Reseller Portal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Sangoma + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.sangoma.com/community/s/article/Log4Shell + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SAP + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.sap.com/content/dam/support/en_us/library/ssp/my-support/trust-center/sap-tc-01-5025.pdf + notes: This advisory is available to customers only and has not been reviewed + by CISA + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: SAP Advanced Platform + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://launchpad.support.sap.com/#/notes/3130698 + notes: This advisory is available to customers only and has not been reviewed + by CISA + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: SAP BusinessObjects + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.sap.com/2021/12/16/cve-2021-44228-impact-of-log4j-vulnerability-on-sap-businessobjects/ + notes: The support document is available to customers only and has not been reviewed + by CISA + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: SAS + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.sas.com/content/support/en/security-bulletins/remote-code-execution-vulnerability-cve-2021-44228.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SASSAFRAS + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.sassafras.com/log4j-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Savignano software solutions + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://savignano.atlassian.net/wiki/spaces/SNOTIFY/blog/2021/12/13/2839740417/No+Log4j+Vulnerability+in+S+Notify + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SBT + product: SBT + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - <1.5.6 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/sbt/sbt/releases/tag/v1.5.7 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: ScaleComputing + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.scalecomputing.com/s/article/Apache-Log4j-Vulnerability + notes: This advisory is available to customers only and has not been reviewed + by CISA + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ScaleFusion MobileLock Pro + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.mobilock.in/article/t9sx43yg44-scalefusion-security-advisory-for-apache-log-4-j-vulnerability-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Schneider Electric + product: EASYFIT + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Current software and earlier + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: Ecoreal XL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Current software and earlier + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: EcoStruxure IT Expert + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: EcoStruxure IT Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - V1.5.0 to V1.13.0 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://ecostruxureit.com/download-and-set-upecostruxureit-gateway/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: Eurotherm Data Reviewer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - V3.0.2 and prior + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: Facility Expert Small Business + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: MSE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Current software and earlier + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: NetBotz750/755 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Software versions 5.0 through 5.3.0 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: NEW630 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Current software and earlier + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SDK BOM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Current software and earlier + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SDK-Docgen + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Current software and earlier + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SDK-TNC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Current software and earlier + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SDK-UMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Current software and earlier + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SDK3D2DRenderer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Current software and earlier + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SDK3D360Widget + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Current software and earlier + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: Select and Config DATA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Current software and earlier + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SNC-API + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Current software and earlier + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SNC-CMM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Current software and earlier + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SNCSEMTECH + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Current software and earlier + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SPIMV3 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Current software and earlier + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SWBEditor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Current software and earlier + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: SWBEngine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Current software and earlier + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.se.com/us/en/download/document/7EN52-0390/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schneider Electric + product: Wiser by SE platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Schweitzer Engineering Laboratories + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://selinc.com/support/security-notifications/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: SCM Manager + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://scm-manager.org/blog/posts/2021-12-13-log4shell/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ScreenBeam + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://customersupport.screenbeam.com/hc/en-us/articles/4416468085389-December-2021-Security-Alert-Log4j-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SDL worldServer + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://gateway.sdl.com/apex/communityknowledge?articleName=000017707 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Seagull Scientific + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.seagullscientific.com/hc/en-us/articles/4415794235543-Apache-Log4Shell-Vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SecurePoint + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.securepoint.de/news/details/sicherheitsluecke-log4j-securepoint-loesungen-nicht-betroffen.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Security Onion + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.securityonion.net/2021/12/security-onion-2390-20211210-hotfix-now.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Securonix + product: Extended Detection and Response (XDR) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf + notes: Patching ongoing as of 12/10/2021 + references: + - '' + last_updated: '2021-12-10T00:00:00' + - vendor: Securonix + product: Next Gen SIEM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf + notes: Patching ongoing as of 12/10/2021 + references: + - '' + last_updated: '2021-12-10T00:00:00' + - vendor: Securonix + product: Security Analytics and Operations Platform (SOAR) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf + notes: Patching ongoing as of 12/10/2021 + references: + - '' + last_updated: '2021-12-10T00:00:00' + - vendor: Securonix + product: SNYPR Application + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-OnPrem-Customer-Update.pdf + notes: '' + references: + - '' + last_updated: '2021-12-10T00:00:00' + - vendor: Securonix + product: User and Entity Behavior Analytics(UEBA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.securonix.com/wp-content/uploads/2021/12/CVE-2021-44228-Securonix-Cloud-Customer-Update.pdf + notes: Patching ongoing as of 12/10/2021 + references: + - '' + last_updated: '2021-12-10T00:00:00' + - vendor: Seeburger + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://servicedesk.seeburger.de/portal/en-US/Knowledge/Article/?defId=101040&id=25486312&COMMAND=Open + notes: This advisory is available to customers only and has not been reviewed + by CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SentinelOne + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.sentinelone.com/blog/cve-2021-44228-staying-secure-apache-log4j-vulnerability/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Sentry + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.sentry.io/2021/12/15/sentrys-response-to-log4j-vulnerability-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SEP + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.sep.de/otrs/public.pl?Action=PublicFAQZoom;ItemID=132 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Server Eye + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.server-eye.de/blog/sicherheitsluecke-log4j-server-eye-systeme-sind-nicht-betroffen/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ServiceNow + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Shibboleth + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - http://shibboleth.net/pipermail/announce/2021-December/000253.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Shibboleth + product: All Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Identity Provider>=3.0 + - All other software versions + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://shibboleth.net/pipermail/announce/2021-December/000253.html + notes: '' + references: + - '' + last_updated: '2021-12-10T00:00:00' + - vendor: Shopify + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.shopify.com/c/technical-q-a/is-shopify-affected-by-the-log4j-vulnerability/td-p/1417625 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Siebel + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siebelhub.com/main/2021/12/log4j-vulnerability-cve-2021-44228-and-siebel-crm.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Siemens + product: Affected Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cert-portal.siemens.com/productcert/pdf/ssa-661247.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens + product: Affected Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' + references: + - '' + last_updated: '2021-12-19T00:00:00' + - vendor: Siemens Energy + product: Affected Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Siemens Energy + product: Affected Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cert-portal.siemens.com/productcert/pdf/ssa-397453.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Siemens Energy + product: Affected Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cert-portal.siemens.com/productcert/pdf/ssa-714170.pdf + notes: 'Siemens requests: See pdf for the complete list of affected products, + CSAF for automated parsing of data' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Siemens Healthineers + product: ATELLICA DATA MANAGER v1.1.1 / v1.2.1 / v1.3.1 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: If you have determined that your Atellica Data Manager has a “Java communication + engine” service, and you require an immediate mitigation, then please contact + your Siemens Customer Care Center or your local Siemens technical support representative. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: CENTRALINK v16.0.2 / v16.0.3 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: If you have determined that your CentraLink has a “Java communication engine” + service, and you require a mitigation, then please contact your Siemens Customer + Care Center or your local Siemens technical support representative. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Cios Flow S1 / Alpha / Spin VA30 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: evaluation ongoing + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Cios Select FD/I.I. VA21 / VA21-S3P + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: evaluation ongoing + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: DICOM Proxy VB10A + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: remove the vulnerable class from the .jar file' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.All, Som10 VA20 / VA30 / VA40 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Fit, Som10 VA30 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Now, Som10 VA10 / VA20 / VA30 / VA40 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Open Pro, Som10 VA30 / VA40 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Sim, Som10 VA30 / VA40 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Top, Som10 VA20 / VA20A_SP5 / VA30 / VA40 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: go.Up, Som10 VA10 / VA20 / VA30 / VA40 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM AERA 1,5T, MAGNETOM PRISMA, MAGNETOM PRISMA FIT, MAGNETOM SKYRA + 3T NUMARIS/X VA30A + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Altea NUMARIS/X VA20A + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM ALTEA, MAGNETOM LUMINA, MAGNETOM SOLA, MAGNETOM VIDA NUMARIS/X + VA31A + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Amira NUMARIS/X VA12M + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Free.Max NUMARIS/X VA40 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Lumina NUMARIS/X VA20A + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Sempra NUMARIS/X VA12M + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Sola fit NUMARIS/X VA20A + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Sola NUMARIS/X VA20A + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Vida fit NUMARIS/X VA20A + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: MAGNETOM Vida NUMARIS/X VA10A* / VA20A + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'LOG4J is used in the context of the help system. Workaround: close port + 8090 for standalone systems. Setup IP whitelisting for "need to access" systems + to network port 8090 in case a second console is connected.' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: SENSIS DMCC / DMCM / TS / VM / PPWS / DS VD12A + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: evaluation ongoing + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Somatom Emotion Som5 VC50 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: evaluation ongoing + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Somatom Scope Som5 VC50 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: evaluation ongoing + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Syngo Carbon Space VA10A / VA10A-CUT2 / VA20A + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: remove the vulnerable class from the .jar file' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: Syngo MobileViewer VA10A + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: The vulnerability will be patch/mitigated in upcoming releases\patches. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: syngo Plaza VB20A / VB20A_HF01 - HF07 / VB30A / VB30A_HF01 / VB30A_HF02 + / VB30B / VB30C / VB30C_HF01 - HF06 / VB30C_HF91 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: remove the vulnerable class from the .jar file' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: syngo Workflow MLR VB37A / VB37A_HF01 / VB37A_HF02 / VB37B / VB37B_HF01 + - HF07 / VB37B_HF93 / VB37B_HF94 / VB37B_HF96 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: Please contact your Customer Service to get support on mitigating the vulnerability. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: syngo.via VB20A / VB20A_HF01 - HF08 / VB20A_HF91 / VB20B / VB30A / VB30A_HF01 + - VB30A_HF08 / VB30A_HF91VB30B / VB30B_HF01 / VB40A / VB40A_HF01 - HF02 /VB40B + / VB40B_HF01 - HF05 / VB50A / VB50A_CUT / VB50A_D4VB50B / VB50B_HF01 - HF03 + / VB60A / VB60A_CUT / VB60A_D4 / VB60A_HF01 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: remove the vulnerable class from the .jar file' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: syngo.via WebViewer VA13B / VA20A / VA20B + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: remove the vulnerable class from the .jar file' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: X.Ceed Somaris 10 VA40* + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Siemens Healthineers + product: X.Cite Somaris 10 VA30*/VA40* + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 + notes: 'Workaround: In the meantime, we recommend preventing access to port 8090 + from other devices by configuration of the hospital network.' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Sierra Wireless + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Sierra Wireless + product: AirVantage and Octave cloud platforms + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs + notes: These systems do not operate with the specific non-standard configuration + required for CVE-2021-25046 and hence were not vulnerable to it. + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Sierra Wireless + product: AM/AMM servers + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://source.sierrawireless.com/resources/security-bulletins/sierra-wireless-technical-bulletin---swi-psa-2021-007/#sthash.iT98k4HP.dpbs + notes: '' + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Signald + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://gitlab.com/signald/signald/-/issues/259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Silver Peak + product: Orchestrator, Silver Peak GMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/website/techdocs/sdwan/docs/advisories/media/security_advisory_notice_apache_log4j2_cve_2021_44228.pdf + notes: Customer managed Orchestrator and legacy GMS products are affected by this + vulnerability. This includes on-premise and customer managed instances running + in public cloud services such as AWS, Azure, Google, or Oracle Cloud. See Corrective + Action Required for details about how to mitigate this exploit. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: SingleWire + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.singlewire.com/s/article/Apache-Log4j2-vulnerability-CVE-2021-44228 + notes: This advisory is available to customers only and has not been reviewed + by CISA + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SISCO + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://sisconet.com/sisco-news/log4j/ + notes: '' + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Sitecore + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1001391 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Skillable + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://skillable.com/log4shell/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SLF4J + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - http://slf4j.org/log4shell.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Slurm + product: Slurm + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 20.11.8 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://slurm.schedmd.com/documentation.html + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: SMA Solar Technology AG + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://files.sma.de/downloads/HK_Log4j-en-10.pdf?_ga=2.237963714.352491368.1640298543-2015796445.1640298540 + notes: '' + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: SmartBear + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://smartbear.com/security/cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SmileCDR + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.smilecdr.com/our-blog/a-statement-on-log4shell-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Sn0m + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.snom.com/en/press/log4j-poses-no-threat-snom-phones/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Snakemake + product: Snakemake + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 6.12.1 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://snakemake.readthedocs.io/en/stable/ + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Snow Software + product: Snow Commander + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 8.1 to 8.10.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.snowsoftware.com/s/feed/0D5690000B4U6hUCQS + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Snow Software + product: VM Access Proxy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v3.1 to v3.6 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.snowsoftware.com/s/feed/0D5690000B4U6hUCQS + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Snowflake + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.snowflake.com/s/article/No-Snowflake-exposure-to-Apache-Log4j-vulnerability-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Snyk + product: Cloud Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://updates.snyk.io/snyk%27s-cloud-platform-all-clear-from-log4j-exploits-216499 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Software AG + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://tech.forums.softwareag.com/t/log4j-zero-day-vulnerability/253849 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: SolarWinds + product: Database Performance Analyzer (DPA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2021.1.x + - 2021.3.x + - 2022.1.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 + notes: 'For more information, please see the following KB article: [link](https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US)' + references: + - '' + last_updated: '2021-12-23T00:00:00' + - vendor: SolarWinds + product: Orion Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-23T00:00:00' + - vendor: SolarWinds + product: Server & Application Monitor (SAM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - SAM 2020.2.6 and later + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228 + notes: 'For more information, please see the following KB article for the latest + details specific to the SAM hotfix: [link](https://support.solarwinds.com/SuccessCenter/s/article/Server-Application-Monitor-SAM-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US)' + references: + - '' + last_updated: '2021-12-23T00:00:00' + - vendor: SonarSource + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Sonatype + product: All Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All Versions + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.sonatype.com/docs/important-announcements/sonatype-product-log4j-vulnerability-status + notes: Sonatype uses logback as the default logging solution as opposed to log4j. + This means our software including Nexus Lifecycle, Nexus Firewall, Nexus Repository + OSS and Nexus Repository Pro in versions 2.x and 3.x are NOT affected by the + reported log4j vulnerabilities. We still advise keeping your software upgraded + at the latest version. + references: + - '' + last_updated: '2021-12-29T00:00:00' + - vendor: SonicWall + product: Access Points + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the SonicWall Access Points + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Under Review + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Analyzer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Under Review + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Capture Client & Capture Client Portal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the Capture Client. + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Capture Security Appliance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the Capture Security appliance. + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: CAS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Under Review + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Email Security + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: ES 10.0.11 and earlier versions are impacted + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: SonicWall + product: Gen5 Firewalls (EOS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the appliance. + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Gen6 Firewalls + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the appliance. + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: Gen7 Firewalls + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the appliance. + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: GMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Under Review + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: MSW + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Mysonicwall service doesn't use Log4j + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: NSM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: NSM On-Prem and SaaS doesn't use a vulnerable version + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: SMA 100 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the SMA100 appliance. + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: SMA 1000 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Version 12.1.0 and 12.4.1 doesn't use a vulnerable version + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: SonicCore + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: SonicCore doesn't use a Log4j2 + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: SonicWall Switch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the SonicWall Switch. + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: WAF + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Under Review + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: WNM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: Log4j2 not used in the WNM. + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: SonicWall + product: WXA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032 + notes: WXA doesn't use a vulnerable version + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Cloud Optix + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Users may have noticed a brief outage around 12:30 GMT as updates were + deployed. There was no evidence that the vulnerability was exploited and to + our knowledge no customers are impacted. + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Reflexion + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Reflexion does not run an exploitable configuration. + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: SG UTM (all versions) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos SG UTM does not use Log4j. + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: SG UTM Manager (SUM) (all versions) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All versions + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: SUM does not use Log4j. + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos Central + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos Central does not run an exploitable configuration. + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos Firewall (all versions) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos Firewall does not use Log4j. + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos Home + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos Home does not use Log4j. + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos Mobile + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos Mobile (in Central, SaaS, and on-premises) does not run an exploitable + configuration. + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos Mobile EAS Proxy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - < 9.7.2 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: The Sophos Mobile EAS Proxy, running in Traffic Mode, is affected. Customers + will need to download and install version 9.7.2, available from Monday December + 13, 2021, on the same machine where it is currently running. PowerShell mode + is not affected. Customers can download the Standalone EAS Proxy Installer version + 9.7.2 from the Sophos website. + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Sophos + product: Sophos ZTNA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.sophos.com/en-us/security-advisories/sophos-sa-20211210-log4j-rce + notes: Sophos ZTNA does not use Log4j. + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: SOS Berlin + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.sos-berlin.com/en/news-mitigation-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Spacelabs Healthcare + product: ABP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - OnTrak + - 90217A + - and 90207 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: CardioExpress + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - SL6A + - SL12A + - and SL18A + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: DM3 and DM4 Monitors + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Eclipse Pro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: EVO + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Intesys Clinical Suite (ICS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Intesys Clinical Suite (ICS) Clinical Access Workstations + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Lifescreen Pro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Pathfinder SL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Qube + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '91390' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Qube Mini + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '91389' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: SafeNSound + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 4.3.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: Version >4.3.1 - Not Affected + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Sentinel + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.spacelabshealthcare.com/products/security/security-advisories-and-archives/log4shell-vulnerability-assessment-and-potential-product-impact-statement/ + notes: '' + references: + - '' + last_updated: '2022-01-05T00:00:00' + - vendor: Spacelabs Healthcare + product: Spacelabs Cloud cves: cve-2021-4104: investigated: false @@ -71375,7 +76978,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Spigot product: '' cves: @@ -71404,7 +77007,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Splunk product: Data Stream Processor cves: @@ -72076,7 +77679,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Spring product: Spring Boot cves: @@ -72106,7 +77709,7 @@ software: switched the default logging system to Log4J2 references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Spring Boot product: '' cves: @@ -72135,7 +77738,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: StarDog product: '' cves: @@ -72164,7 +77767,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:55+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: STERIS product: Advantage cves: @@ -73701,7 +79304,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Storagement product: '' cves: @@ -73730,7 +79333,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: StormShield product: '' cves: @@ -73759,7 +79362,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: StrangeBee TheHive & Cortex product: '' cves: @@ -73788,7 +79391,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Stratodesk product: '' cves: @@ -73817,7 +79420,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Strimzi product: '' cves: @@ -73846,7 +79449,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Stripe product: '' cves: @@ -73875,7 +79478,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Styra product: '' cves: @@ -73904,7 +79507,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sumologic product: '' cves: @@ -73933,7 +79536,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SumoLogic product: '' cves: @@ -73962,7 +79565,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Superna EYEGLASS product: '' cves: @@ -73991,7 +79594,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Suprema Inc product: '' cves: @@ -74020,7 +79623,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SUSE product: '' cves: @@ -74049,7 +79652,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sweepwidget product: '' cves: @@ -74078,7 +79681,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Swyx product: '' cves: @@ -74107,7 +79710,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Synchro MSP product: '' cves: @@ -74136,7 +79739,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Syncplify product: '' cves: @@ -74165,7 +79768,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Synology product: '' cves: @@ -74194,7 +79797,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Synopsys product: '' cves: @@ -74223,7 +79826,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Syntevo product: '' cves: @@ -74252,7 +79855,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: SysAid product: '' cves: @@ -74281,7 +79884,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Sysdig product: '' cves: @@ -74310,7 +79913,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tableau product: Tableau Bridge cves: @@ -74567,7 +80170,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tanium product: All cves: @@ -74626,7 +80229,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: TeamPasswordManager product: '' cves: @@ -74655,7 +80258,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Teamviewer product: '' cves: @@ -74684,7 +80287,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tech Software product: OneAegis (f/k/a IRBManager) cves: @@ -74803,7 +80406,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Telestream product: '' cves: @@ -74832,7 +80435,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tenable product: Tenable.io / Nessus cves: @@ -74862,7 +80465,7 @@ software: to CVE-2021-44228 or CVE-2021-45046 at this time references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Thales product: CADP/SafeNet Protect App (PA) - JCE cves: @@ -76698,7 +82301,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ThycoticCentrify product: Account Lifecycle Manager cves: @@ -76997,7 +82600,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Top Gun Technology (TGT) product: '' cves: @@ -77026,7 +82629,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: TopDesk product: '' cves: @@ -77055,7 +82658,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Topicus Security product: Topicus KeyHub cves: @@ -77114,7 +82717,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tosibox product: '' cves: @@ -77143,7 +82746,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: TPLink product: Omega Controller cves: @@ -77204,7 +82807,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tricentis Tosca product: '' cves: @@ -77233,7 +82836,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tridium product: '' cves: @@ -77531,7 +83134,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: TrueNAS product: '' cves: @@ -77560,7 +83163,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Tufin product: '' cves: @@ -77589,7 +83192,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: TYPO3 product: '' cves: @@ -77618,7 +83221,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ubiquiti product: UniFi Network Application cves: @@ -77648,7 +83251,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ubiquiti product: UniFi Network Controller cves: @@ -77708,7 +83311,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: UiPath product: InSights cves: @@ -77767,7 +83370,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: UniFlow product: '' cves: @@ -77796,7 +83399,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Unify ATOS product: '' cves: @@ -77825,7 +83428,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Unimus product: '' cves: @@ -77854,7 +83457,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: USSIGNAL MSP product: '' cves: @@ -77883,7 +83486,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Varian product: Acuity cves: @@ -79113,7 +84716,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Varnish Software product: '' cves: @@ -79142,7 +84745,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Varonis product: '' cves: @@ -79171,7 +84774,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Veeam product: '' cves: @@ -79200,7 +84803,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Venafi product: '' cves: @@ -79229,7 +84832,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Veritas NetBackup product: '' cves: @@ -79258,7 +84861,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Vertica product: '' cves: @@ -79346,7 +84949,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: VMware product: API Portal for VMware Tanzu cves: @@ -80598,7 +86201,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Wasp Barcode technologies product: '' cves: @@ -80627,7 +86230,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: WatchGuard product: Secplicity cves: @@ -80656,7 +86259,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Western Digital product: '' cves: @@ -80685,7 +86288,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: WIBU Systems product: CodeMeter Cloud Lite cves: @@ -80774,7 +86377,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: WireShark product: '' cves: @@ -80803,7 +86406,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Wistia product: '' cves: @@ -80832,7 +86435,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: WitFoo product: '' cves: @@ -80861,7 +86464,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: WordPress product: '' cves: @@ -80890,7 +86493,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Worksphere product: '' cves: @@ -80919,7 +86522,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Wowza product: '' cves: @@ -80948,7 +86551,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: WSO2 product: WSO2 Enterprise Integrator cves: @@ -80978,7 +86581,7 @@ software: notes: A temporary mitigation is available while vendor works on update references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: XCP-ng product: '' cves: @@ -81007,7 +86610,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: XenForo product: '' cves: @@ -81036,7 +86639,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox product: '' cves: @@ -81065,7 +86668,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: XPertDoc product: '' cves: @@ -81094,7 +86697,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: XPLG product: '' cves: @@ -81123,7 +86726,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: XWIKI product: '' cves: @@ -81152,7 +86755,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xylem product: Aquatalk cves: @@ -81651,7 +87254,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: YellowFin product: '' cves: @@ -81680,7 +87283,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: YOKOGAWA product: '' cves: @@ -81738,7 +87341,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zabbix product: '' cves: @@ -81767,7 +87370,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ZAMMAD product: '' cves: @@ -81796,7 +87399,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zaproxy product: '' cves: @@ -81825,7 +87428,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zebra product: '' cves: @@ -81854,7 +87457,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zendesk product: All Products cves: @@ -81915,7 +87518,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zentera Systems, Inc. product: CoIP Access Platform cves: @@ -81974,7 +87577,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zesty product: '' cves: @@ -82003,7 +87606,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zimbra product: '' cves: @@ -82032,7 +87635,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zix product: '' cves: @@ -82090,7 +87693,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ZPE systems Inc product: '' cves: @@ -82119,7 +87722,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zscaler product: See Link (Multiple Products) cves: @@ -82177,7 +87780,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zyxel product: Security Firewall/Gateways cves: From 4b2427464835a2d72dbdd3a376dbce07f42e71dd Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 25 Jan 2022 14:48:05 -0500 Subject: [PATCH 040/268] Fix line length --- data/cisagov_W.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/data/cisagov_W.yml b/data/cisagov_W.yml index 158e9ee..31996e3 100644 --- a/data/cisagov_W.yml +++ b/data/cisagov_W.yml @@ -239,7 +239,9 @@ software: - 'All' vendor_links: - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 - notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender + components, however, JMSAppender is deactivated in the release package and not affected by + CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. references: - '' last_updated: '2022-01-21T00:00:00' @@ -272,7 +274,9 @@ software: - 'All' vendor_links: - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 - notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender + components, however, JMSAppender is deactivated in the release package and not affected by + CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. references: - '' last_updated: '2022-01-21T00:00:00' @@ -305,7 +309,9 @@ software: - 'All' vendor_links: - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 - notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender + components, however, JMSAppender is deactivated in the release package and not affected by + CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. references: - '' last_updated: '2022-01-21T00:00:00' From 1b09d6cac21127dca34906d0d35276967c925ad7 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Tue, 25 Jan 2022 19:58:48 +0000 Subject: [PATCH 041/268] Update the software list --- SOFTWARE-LIST.md | 9 +- data/cisagov.yml | 264 +++++++++++++++++++++++++++++++++++++++++++-- data/cisagov_W.yml | 111 +++++++++---------- 3 files changed, 319 insertions(+), 65 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index fdf75df..231f55a 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2939,7 +2939,14 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Western Digital | | | | Unknown | [link](https://www.westerndigital.com/support/product-security/wdc-21016-apache-log4j-2-remote-code-execution-vulnerability-analysis) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | WIBU Systems | CodeMeter Cloud Lite | 2.2 and prior | | Affected | [link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | WIBU Systems | CodeMeter Keyring for TIA Portal | 1.30 and prior | | Affected | [link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | Only the Password Manager is affected | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| WindRiver | | | | Unknown | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Wind River | LTS17 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | +| Wind River | LTS18 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | +| Wind River | LTS19 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | +| Wind River | LTS21 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Wind River | WRL-6 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | +| Wind River | WRL-7 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | +| Wind River | WRL-8 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | +| Wind River | WRL-9 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | | WireShark | | | | Unknown | [link](https://gitlab.com/wireshark/wireshark/-/issues/17783) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Wistia | | | | Unknown | [link](https://status.wistia.com/incidents/jtg0dfl5l224) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | WitFoo | | | | Unknown | [link](https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index b0f11e7..371fd39 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -86349,35 +86349,279 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: WindRiver - product: '' + - vendor: Wind River + product: LTS17 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: '' + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS18 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: '' + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS19 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: '' + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS21 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All vendor_links: - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Wind River + product: WRL-6 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually + activate the JMSAppender component. + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-7 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually + activate the JMSAppender component. + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-8 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually + activate the JMSAppender component. + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-9 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: '' + references: + - '' + last_updated: '2022-01-21T00:00:00' - vendor: WireShark product: '' cves: diff --git a/data/cisagov_W.yml b/data/cisagov_W.yml index 0093ec2..b2629d1 100644 --- a/data/cisagov_W.yml +++ b/data/cisagov_W.yml @@ -211,275 +211,278 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Wind River - product: WRL-6 + product: LTS17 cves: cve-2021-4104: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All vendor_links: - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 - notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender - components, however, JMSAppender is deactivated in the release package and not affected by - CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. + notes: '' references: - '' last_updated: '2022-01-21T00:00:00' - vendor: Wind River - product: WRL-7 + product: LTS18 cves: cve-2021-4104: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All vendor_links: - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 - notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender - components, however, JMSAppender is deactivated in the release package and not affected by - CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. + notes: '' references: - '' last_updated: '2022-01-21T00:00:00' - vendor: Wind River - product: WRL-8 + product: LTS19 cves: cve-2021-4104: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All vendor_links: - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 - notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender - components, however, JMSAppender is deactivated in the release package and not affected by - CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. + notes: '' references: - '' last_updated: '2022-01-21T00:00:00' - vendor: Wind River - product: WRL-9 + product: LTS21 cves: cve-2021-4104: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All vendor_links: - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 notes: '' references: - '' - last_updated: '2022-01-21T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Wind River - product: LTS17 + product: WRL-6 cves: cve-2021-4104: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All vendor_links: - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 - notes: '' + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually + activate the JMSAppender component. references: - '' last_updated: '2022-01-21T00:00:00' - vendor: Wind River - product: LTS18 + product: WRL-7 cves: cve-2021-4104: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All vendor_links: - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 - notes: '' + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually + activate the JMSAppender component. references: - '' last_updated: '2022-01-21T00:00:00' - vendor: Wind River - product: LTS19 + product: WRL-8 cves: cve-2021-4104: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All vendor_links: - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 - notes: '' + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually + activate the JMSAppender component. references: - '' last_updated: '2022-01-21T00:00:00' - vendor: Wind River - product: LTS21 + product: WRL-9 cves: cve-2021-4104: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All vendor_links: - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2022-01-21T00:00:00' - vendor: WireShark product: '' cves: From 43603ca4f81c606c94bf19e51f9dcb289cd20fcf Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 25 Jan 2022 15:20:04 -0500 Subject: [PATCH 042/268] Fix line length --- data/cisagov_S.yml | 85 ++++++++++++++++++++++++++++++++++------------ 1 file changed, 64 insertions(+), 21 deletions(-) diff --git a/data/cisagov_S.yml b/data/cisagov_S.yml index 936e184..7fc98d8 100644 --- a/data/cisagov_S.yml +++ b/data/cisagov_S.yml @@ -146,7 +146,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: 'Analytics Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' + notes: Analytics Cloud was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to + address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -175,7 +177,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: 'B2C Commerce Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' + notes: B2C Commerce Cloud was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to address + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -204,7 +208,10 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: 'ClickSoftware (As-a-Service) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' + notes: ClickSoftware (As-a-Service) was affected by CVE-2021-44228 + and CVE-2021-45046. Salesforce-owned services and third-party vendors + have been patched to address the issues currently identified in + CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -262,7 +269,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Experience Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' + notes: Experience Cloud was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to + address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -291,7 +300,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: 'Data.com was affected by CVE-2021-44228 and CVE-2021-45046.  Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' + notes: Data.com was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched + to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -350,7 +361,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: 'Datorama was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' + notes: Datorama was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched + to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -408,9 +421,13 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: 'Force.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. - -The Data Loader tool has been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Make sure that you are using Data Loader version 53.0.2 or later. Follow the steps described here to download the latest version of Data Loader.' + notes: Force.com was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched + to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + The Data Loader tool has been patched to address the issues currently identified + in CVE-2021-44228 and CVE-2021-45046. Make sure that you are using Data Loader + version 53.0.2 or later. Follow the steps described here to download the latest + version of Data Loader. references: - '' last_updated: '2021-12-15T00:00:00' @@ -439,7 +456,8 @@ The Data Loader tool has been patched to address the issues currently identified unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: 'Heroku is reported to not be affected by the issues currently identified in CVE-2021-44228 or CVE-2021-45046.' + notes: Heroku is reported to not be affected by the issues currently + identified in CVE-2021-44228 or CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -468,7 +486,10 @@ The Data Loader tool has been patched to address the issues currently identified unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: 'Salesforce-owned services within Marketing Cloud are not affected by the issues currently identified in CVE-2021-44228 or CVE-2021-45046. Third-party vendors have been patched to address the security issues currently identified in CVE-2021-44228 or CVE-2021-45046.' + notes: Salesforce-owned services within Marketing Cloud are not affected + by the issues currently identified in CVE-2021-44228 or CVE-2021-45046. + Third-party vendors have been patched to address the security issues currently + identified in CVE-2021-44228 or CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -497,7 +518,10 @@ The Data Loader tool has been patched to address the issues currently identified unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: 'MuleSoft (Cloud) was affected by CVE-2021-44228 and CVE-2021-45046. Mulesoft services, including dataloader.io, have been updated to mitigate the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional details here.' + notes: MuleSoft (Cloud) was affected by CVE-2021-44228 and CVE-2021-45046. + Mulesoft services, including dataloader.io, have been updated to mitigate + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + Please see additional details here. references: - '' last_updated: '2021-12-15T00:00:00' @@ -526,7 +550,11 @@ The Data Loader tool has been patched to address the issues currently identified unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: 'MuleSoft (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors, including Private Cloud Edition (PCE) and Anypoint Studio, have a mitigation in place to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional details here.' + notes: 'MuleSoft (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors, including Private Cloud + Edition (PCE) and Anypoint Studio, have a mitigation in place to address the + issues currently identified in CVE-2021-44228 and CVE-2021-45046. + Please see additional details here. references: - '' last_updated: '2021-12-15T00:00:00' @@ -555,7 +583,9 @@ The Data Loader tool has been patched to address the issues currently identified unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: 'Pardot was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' + notes: Pardot was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched + to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -584,7 +614,9 @@ The Data Loader tool has been patched to address the issues currently identified unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: 'Sales Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' + notes: Sales Cloud was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to + address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -613,7 +645,9 @@ The Data Loader tool has been patched to address the issues currently identified unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: 'Service Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' + notes: Service Cloud was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to + address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -642,7 +676,10 @@ The Data Loader tool has been patched to address the issues currently identified unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: 'Slack was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in both CVE-2021-44228 and CVE-2021-45046. Additional details are available here.' + notes: Slack was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched + to address the issues currently identified in both CVE-2021-44228 and CVE-2021-45046. + Additional details are available here. references: - '' last_updated: '2021-12-15T00:00:00' @@ -671,7 +708,9 @@ The Data Loader tool has been patched to address the issues currently identified unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: 'Social Studio was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' + notes: Social Studio was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to + address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -701,7 +740,9 @@ The Data Loader tool has been patched to address the issues currently identified unaffected_versions: [] vendor_links: - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell - notes: Tableau (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Patches to address the issues currently identified in both CVE-2021-44228 and CVE-2021-45046 are available for download. Additional details are available here. + notes: Tableau (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. + Patches to address the issues currently identified in both CVE-2021-44228 and + CVE-2021-45046 are available for download. Additional details are available here. references: - '' last_updated: '2021-12-16T00:00:00' @@ -730,7 +771,9 @@ The Data Loader tool has been patched to address the issues currently identified unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: 'Tableau Online was affected by CVE-2021-44228 and CVE-2021-45046. Services have been patched to mitigate the issues currently identified in both CVE-2021-44228 and CVE-2021-45046.' + notes: Tableau Online was affected by CVE-2021-44228 and CVE-2021-45046. + Services have been patched to mitigate the issues currently identified in + both CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -9064,4 +9107,4 @@ The Data Loader tool has been patched to address the issues currently identified references: - '' last_updated: '2022-01-12T07:18:56+00:00' -... \ No newline at end of file +... From d8c4b4ce608e9fb775c6f92c20bef4b0a4518c52 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 25 Jan 2022 15:26:21 -0500 Subject: [PATCH 043/268] Fixed line lentgth, and extra quote mark --- data/cisagov_S.yml | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/data/cisagov_S.yml b/data/cisagov_S.yml index 8959d90..4810e97 100644 --- a/data/cisagov_S.yml +++ b/data/cisagov_S.yml @@ -240,7 +240,10 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: 'ClickSoftware (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Additional details are available here.' + notes: ClickSoftware (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to address the + issues currently identified in CVE-2021-44228 and CVE-2021-45046. Additional details + are available here. references: - '' last_updated: '2021-12-15T00:00:00' @@ -392,7 +395,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: 'Evergage (Interaction Studio) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' + notes: Evergage (Interaction Studio) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to address the issues + currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -550,7 +555,7 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: 'MuleSoft (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. + notes: MuleSoft (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors, including Private Cloud Edition (PCE) and Anypoint Studio, have a mitigation in place to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. From cdc5a681821688067eed1f12f255f337b55ee2bc Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Tue, 25 Jan 2022 20:31:24 +0000 Subject: [PATCH 044/268] Update the software list --- SOFTWARE-LIST.md | 40 +++++------ data/cisagov.yml | 142 +++++++++++++++++++++++---------------- data/cisagov_S.yml | 161 ++++++++++++++++++++++----------------------- 3 files changed, 184 insertions(+), 159 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 231f55a..b6abc74 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2422,27 +2422,27 @@ NOTE: This file is automatically generated. To submit updates, please refer to | SAFE FME Server | | | | Unknown | [link](https://community.safe.com/s/article/Is-FME-Server-Affected-by-the-Security-Vulnerability-Reported-Against-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | SAGE | | | | Unknown | [link](https://www.sagecity.com/sage-global-solutions/sage-crm/f/sage-crm-announcements-news-and-alerts/178655/advisory-apache-log4j-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | SailPoint | | | | Unknown | [link](https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-log4j-Remote-Code-Execution-Vulnerability/ba-p/206681) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Salesforce | Analytics Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Analytics Cloud is reported to be affected by CVE-2021-44228. Services have been updated to mitigate the issues identified in CVE-2021-44228 and we are executing our final validation steps." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | B2C Commerce Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "B2C Commerce Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | ClickSoftware (As-a-Service) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "ClickSoftware (As-a-Service) is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | ClickSoftware (On-Premise) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Please contact Customer Support." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Community Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Community Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Data.com | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Data.com is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Analytics Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Analytics Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | B2C Commerce Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | B2C Commerce Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | ClickSoftware (As-a-Service) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | ClickSoftware (As-a-Service) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | ClickSoftware (On-Premise) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | ClickSoftware (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Additional details are available here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Data.com | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Data.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Salesforce | DataLoader | | <=53.0.0 | Fixed | [link](https://github.com/forcedotcom/dataloader/releases/tag/v53.0.1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Salesforce | Datorama | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Datorama is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Evergage (Interaction Studio) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Evergage (Interaction Studio) is reported to be affected by CVE-2021-44228. Services have been updated to mitigate the issues identified in CVE-2021-44228 and we are executing our final validation steps." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Force.com | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Force.com is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Heroku | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Heroku is reported to not be affected by CVE-2021-44228; no further action is necessary at this time." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Marketing Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Marketing Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | MuleSoft (Cloud) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "MuleSoft (Cloud) is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | MuleSoft (On-Premise) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Please contact Customer Support." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Pardot | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Pardot is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Sales Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Sales Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Service Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Service Cloud is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Slack | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Slack is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Social Studio | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Social Studio is reported to be affected by CVE-2021-44228. The service has a mitigation in place and is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Tableau (On-Premise) | | < 2021.4.1 | Fixed | [link](https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell) | Fixed in 2021.4.1 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Salesforce | Tableau (Online) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | "Tableau (Online) is reported to be affected by CVE-2021-44228. The service is being updated to remediate the vulnerability identified in CVE-2021-44228." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Datorama | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Datorama was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Evergage (Interaction Studio) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Evergage (Interaction Studio) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Experience (Community) Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Experience Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Force.com | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Force.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. The Data Loader tool has been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Make sure that you are using Data Loader version 53.0.2 or later. Follow the steps described here to download the latest version of Data Loader. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Heroku | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Heroku is reported to not be affected by the issues currently identified in CVE-2021-44228 or CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Marketing Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Salesforce-owned services within Marketing Cloud are not affected by the issues currently identified in CVE-2021-44228 or CVE-2021-45046. Third-party vendors have been patched to address the security issues currently identified in CVE-2021-44228 or CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | MuleSoft (Cloud) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | MuleSoft (Cloud) was affected by CVE-2021-44228 and CVE-2021-45046. Mulesoft services, including dataloader.io, have been updated to mitigate the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional details here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | MuleSoft (On-Premise) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | MuleSoft (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors, including Private Cloud Edition (PCE) and Anypoint Studio, have a mitigation in place to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional details here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Pardot | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Pardot was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Sales Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Sales Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Service Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Service Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Slack | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Slack was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in both CVE-2021-44228 and CVE-2021-45046. Additional details are available here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Social Studio | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Social Studio was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Tableau (On-Premise) | | < 2021.4.1 | Fixed | [link](https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell) | Tableau (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Patches to address the issues currently identified in both CVE-2021-44228 and CVE-2021-45046 are available for download. Additional details are available here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Salesforce | Tableau (Online) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Tableau Online was affected by CVE-2021-44228 and CVE-2021-45046. Services have been patched to mitigate the issues currently identified in both CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Samsung Electronics America | Knox Admin Portal | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | | Samsung Electronics America | Knox Asset Intelligence | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | | Samsung Electronics America | Knox Configure | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 371fd39..ee8532d 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -70975,9 +70975,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Analytics Cloud is reported to be affected by CVE-2021-44228. Services - have been updated to mitigate the issues identified in CVE-2021-44228 and we - are executing our final validation steps."' + notes: Analytics Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -71006,8 +71006,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"B2C Commerce Cloud is reported to be affected by CVE-2021-44228. The - service is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: B2C Commerce Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -71036,8 +71037,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"ClickSoftware (As-a-Service) is reported to be affected by CVE-2021-44228. - The service is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: ClickSoftware (As-a-Service) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to address + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -71066,12 +71068,15 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Please contact Customer Support."' + notes: ClickSoftware (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to address + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Additional + details are available here. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Salesforce - product: Community Cloud + product: Data.com cves: cve-2021-4104: investigated: false @@ -71095,13 +71100,14 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Community Cloud is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: Data.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Salesforce - product: Data.com + product: DataLoader cves: cve-2021-4104: investigated: false @@ -71109,9 +71115,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - <=53.0.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -71124,15 +71131,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Data.com is reported to be affected by CVE-2021-44228. The service has - a mitigation in place and is being updated to remediate the vulnerability identified in - CVE-2021-44228."' + - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.1 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2021-12-22T00:00:00' - vendor: Salesforce - product: DataLoader + product: Datorama cves: cve-2021-4104: investigated: false @@ -71140,10 +71145,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - <=53.0.0 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -71156,13 +71160,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.1 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Datorama was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2021-12-15T00:00:00' - vendor: Salesforce - product: Datorama + product: Evergage (Interaction Studio) cves: cve-2021-4104: investigated: false @@ -71186,14 +71192,14 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Datorama is reported to be affected by CVE-2021-44228. The service has - a mitigation in place and is being updated to remediate the vulnerability identified in - CVE-2021-44228."' + notes: Evergage (Interaction Studio) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to address + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Salesforce - product: Evergage (Interaction Studio) + product: Experience (Community) Cloud cves: cve-2021-4104: investigated: false @@ -71217,9 +71223,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Evergage (Interaction Studio) is reported to be affected by CVE-2021-44228. - Services have been updated to mitigate the issues identified in CVE-2021-44228 - and we are executing our final validation steps."' + notes: Experience Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -71248,8 +71254,12 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Force.com is reported to be affected by CVE-2021-44228. The service is - being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: Force.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. The Data Loader tool has been + patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + Make sure that you are using Data Loader version 53.0.2 or later. Follow the + steps described here to download the latest version of Data Loader. references: - '' last_updated: '2021-12-15T00:00:00' @@ -71278,8 +71288,8 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Heroku is reported to not be affected by CVE-2021-44228; no further action - is necessary at this time."' + notes: Heroku is reported to not be affected by the issues currently identified + in CVE-2021-44228 or CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -71308,8 +71318,10 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Marketing Cloud is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: Salesforce-owned services within Marketing Cloud are not affected by the + issues currently identified in CVE-2021-44228 or CVE-2021-45046. Third-party + vendors have been patched to address the security issues currently identified + in CVE-2021-44228 or CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -71338,8 +71350,10 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"MuleSoft (Cloud) is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: MuleSoft (Cloud) was affected by CVE-2021-44228 and CVE-2021-45046. Mulesoft + services, including dataloader.io, have been updated to mitigate the issues + currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional + details here. references: - '' last_updated: '2021-12-15T00:00:00' @@ -71368,7 +71382,11 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Please contact Customer Support."' + notes: MuleSoft (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors, including Private Cloud Edition + (PCE) and Anypoint Studio, have a mitigation in place to address the issues + currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional + details here. references: - '' last_updated: '2021-12-15T00:00:00' @@ -71397,8 +71415,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Pardot is reported to be affected by CVE-2021-44228. The service is being - updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: Pardot was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -71427,8 +71446,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Sales Cloud is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: Sales Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -71457,8 +71477,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Service Cloud is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: Service Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -71487,9 +71508,10 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Slack is reported to be affected by CVE-2021-44228. The service has a - mitigation in place and is being updated to remediate the vulnerability identified in - CVE-2021-44228."' + notes: Slack was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in both CVE-2021-44228 and CVE-2021-45046. Additional details are + available here. references: - '' last_updated: '2021-12-15T00:00:00' @@ -71518,9 +71540,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Social Studio is reported to be affected by CVE-2021-44228. The service - has a mitigation in place and is being updated to remediate the vulnerability - identified in CVE-2021-44228."' + notes: Social Studio was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -71550,7 +71572,10 @@ software: unaffected_versions: [] vendor_links: - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell - notes: Fixed in 2021.4.1 + notes: Tableau (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. + Patches to address the issues currently identified in both CVE-2021-44228 and + CVE-2021-45046 are available for download. Additional details are available + here. references: - '' last_updated: '2021-12-16T00:00:00' @@ -71579,8 +71604,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: '"Tableau (Online) is reported to be affected by CVE-2021-44228. The service - is being updated to remediate the vulnerability identified in CVE-2021-44228."' + notes: Tableau Online was affected by CVE-2021-44228 and CVE-2021-45046. Services + have been patched to mitigate the issues currently identified in both CVE-2021-44228 + and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' diff --git a/data/cisagov_S.yml b/data/cisagov_S.yml index 4810e97..ed1e576 100644 --- a/data/cisagov_S.yml +++ b/data/cisagov_S.yml @@ -146,9 +146,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Analytics Cloud was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched to - address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + notes: Analytics Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -177,9 +177,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: B2C Commerce Cloud was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched to address - the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + notes: B2C Commerce Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -208,10 +208,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: ClickSoftware (As-a-Service) was affected by CVE-2021-44228 - and CVE-2021-45046. Salesforce-owned services and third-party vendors - have been patched to address the issues currently identified in - CVE-2021-44228 and CVE-2021-45046. + notes: ClickSoftware (As-a-Service) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to address + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -241,14 +240,14 @@ software: vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 notes: ClickSoftware (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched to address the - issues currently identified in CVE-2021-44228 and CVE-2021-45046. Additional details - are available here. + Salesforce-owned services and third-party vendors have been patched to address + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Additional + details are available here. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Salesforce - product: Experience (Community) Cloud + product: Data.com cves: cve-2021-4104: investigated: false @@ -272,14 +271,14 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Experience Cloud was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched to - address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + notes: Data.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Salesforce - product: Data.com + product: DataLoader cves: cve-2021-4104: investigated: false @@ -287,9 +286,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - <=53.0.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -302,15 +302,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Data.com was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched - to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.1 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2021-12-22T00:00:00' - vendor: Salesforce - product: DataLoader + product: Datorama cves: cve-2021-4104: investigated: false @@ -318,10 +316,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - <=53.0.0 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -334,13 +331,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.1 - notes: '' + - https://help.salesforce.com/s/articleView?id=000363736&type=1 + notes: Datorama was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2021-12-15T00:00:00' - vendor: Salesforce - product: Datorama + product: Evergage (Interaction Studio) cves: cve-2021-4104: investigated: false @@ -364,14 +363,14 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Datorama was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched - to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + notes: Evergage (Interaction Studio) was affected by CVE-2021-44228 and CVE-2021-45046. + Salesforce-owned services and third-party vendors have been patched to address + the issues currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Salesforce - product: Evergage (Interaction Studio) + product: Experience (Community) Cloud cves: cve-2021-4104: investigated: false @@ -395,9 +394,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Evergage (Interaction Studio) was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched to address the issues - currently identified in CVE-2021-44228 and CVE-2021-45046. + notes: Experience Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -426,13 +425,12 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Force.com was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched - to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. - The Data Loader tool has been patched to address the issues currently identified - in CVE-2021-44228 and CVE-2021-45046. Make sure that you are using Data Loader - version 53.0.2 or later. Follow the steps described here to download the latest - version of Data Loader. + notes: Force.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. The Data Loader tool has been + patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + Make sure that you are using Data Loader version 53.0.2 or later. Follow the + steps described here to download the latest version of Data Loader. references: - '' last_updated: '2021-12-15T00:00:00' @@ -461,8 +459,8 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Heroku is reported to not be affected by the issues currently - identified in CVE-2021-44228 or CVE-2021-45046. + notes: Heroku is reported to not be affected by the issues currently identified + in CVE-2021-44228 or CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -491,10 +489,10 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Salesforce-owned services within Marketing Cloud are not affected - by the issues currently identified in CVE-2021-44228 or CVE-2021-45046. - Third-party vendors have been patched to address the security issues currently - identified in CVE-2021-44228 or CVE-2021-45046. + notes: Salesforce-owned services within Marketing Cloud are not affected by the + issues currently identified in CVE-2021-44228 or CVE-2021-45046. Third-party + vendors have been patched to address the security issues currently identified + in CVE-2021-44228 or CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -523,10 +521,10 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: MuleSoft (Cloud) was affected by CVE-2021-44228 and CVE-2021-45046. - Mulesoft services, including dataloader.io, have been updated to mitigate - the issues currently identified in CVE-2021-44228 and CVE-2021-45046. - Please see additional details here. + notes: MuleSoft (Cloud) was affected by CVE-2021-44228 and CVE-2021-45046. Mulesoft + services, including dataloader.io, have been updated to mitigate the issues + currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional + details here. references: - '' last_updated: '2021-12-15T00:00:00' @@ -556,10 +554,10 @@ software: vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 notes: MuleSoft (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors, including Private Cloud - Edition (PCE) and Anypoint Studio, have a mitigation in place to address the - issues currently identified in CVE-2021-44228 and CVE-2021-45046. - Please see additional details here. + Salesforce-owned services and third-party vendors, including Private Cloud Edition + (PCE) and Anypoint Studio, have a mitigation in place to address the issues + currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional + details here. references: - '' last_updated: '2021-12-15T00:00:00' @@ -588,9 +586,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Pardot was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched - to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + notes: Pardot was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -619,9 +617,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Sales Cloud was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched to - address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + notes: Sales Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -650,9 +648,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Service Cloud was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched to - address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + notes: Service Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -681,10 +679,10 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Slack was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched - to address the issues currently identified in both CVE-2021-44228 and CVE-2021-45046. - Additional details are available here. + notes: Slack was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in both CVE-2021-44228 and CVE-2021-45046. Additional details are + available here. references: - '' last_updated: '2021-12-15T00:00:00' @@ -713,9 +711,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Social Studio was affected by CVE-2021-44228 and CVE-2021-45046. - Salesforce-owned services and third-party vendors have been patched to - address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. + notes: Social Studio was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned + services and third-party vendors have been patched to address the issues currently + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' @@ -747,7 +745,8 @@ software: - https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell notes: Tableau (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Patches to address the issues currently identified in both CVE-2021-44228 and - CVE-2021-45046 are available for download. Additional details are available here. + CVE-2021-45046 are available for download. Additional details are available + here. references: - '' last_updated: '2021-12-16T00:00:00' @@ -776,9 +775,9 @@ software: unaffected_versions: [] vendor_links: - https://help.salesforce.com/s/articleView?id=000363736&type=1 - notes: Tableau Online was affected by CVE-2021-44228 and CVE-2021-45046. - Services have been patched to mitigate the issues currently identified in - both CVE-2021-44228 and CVE-2021-45046. + notes: Tableau Online was affected by CVE-2021-44228 and CVE-2021-45046. Services + have been patched to mitigate the issues currently identified in both CVE-2021-44228 + and CVE-2021-45046. references: - '' last_updated: '2021-12-15T00:00:00' From 665c394be087e0f90d1a9795f9cf597bcd99d219 Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Tue, 25 Jan 2022 15:13:54 -0700 Subject: [PATCH 045/268] Update cisagov_P.yml Added Panasonic vendor --- data/cisagov_P.yml | 150 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 150 insertions(+) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index c0bd941..4379219 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -717,6 +717,156 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Panasonic + product: KX-HDV100, KX-HDV130, KX-HDV230, KX-HDV330, KX-HDV340, KX-HDV430 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-TGP500, KX-TGP550, KX-TGP600, KX-TGP700 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV800 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT113, KX-UT123, KX-UT133, KX-UT136, KX-UT248, KX-UT670 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UDS124 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' - vendor: Panopto product: '' cves: From 4fd6df9e491a53cf73f7a6e783ac8dfcb77e1434 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 26 Jan 2022 08:38:13 -0500 Subject: [PATCH 046/268] Seperate KX-HDV products --- data/cisagov_P.yml | 152 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 151 insertions(+), 1 deletion(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index 4379219..aa30722 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -718,7 +718,157 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Panasonic - product: KX-HDV100, KX-HDV130, KX-HDV230, KX-HDV330, KX-HDV340, KX-HDV430 + product: KX-HDV100 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV130 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV230 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV330 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV340 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV430 cves: cve-2021-4104: investigated: '' From 8ebdb81f5bd7f1ffc5c11f312f92da522bda5a89 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 26 Jan 2022 08:40:50 -0500 Subject: [PATCH 047/268] Move KX-HDV800 in order --- data/cisagov_P.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index aa30722..694def8 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -898,7 +898,7 @@ software: - '' last_updated: '2022-01-20T00:00:00' - vendor: Panasonic - product: KX-TGP500, KX-TGP550, KX-TGP600, KX-TGP700 + product: KX-HDV800 cves: cve-2021-4104: investigated: '' @@ -928,7 +928,7 @@ software: - '' last_updated: '2022-01-20T00:00:00' - vendor: Panasonic - product: KX-HDV800 + product: KX-TGP500, KX-TGP550, KX-TGP600, KX-TGP700 cves: cve-2021-4104: investigated: '' From b0210c3b5202de7837c69e1e09d2a1f1577be582 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 26 Jan 2022 08:42:42 -0500 Subject: [PATCH 048/268] Separate KX-TGP products --- data/cisagov_P.yml | 92 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 91 insertions(+), 1 deletion(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index 694def8..5d88f83 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -928,7 +928,97 @@ software: - '' last_updated: '2022-01-20T00:00:00' - vendor: Panasonic - product: KX-TGP500, KX-TGP550, KX-TGP600, KX-TGP700 + product: KX-TGP500 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-TGP550 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-TGP600 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-TGP700 cves: cve-2021-4104: investigated: '' From 3ff48a689dbdfce5f3cd00fce096dc544d8023a0 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 26 Jan 2022 08:47:01 -0500 Subject: [PATCH 049/268] Move and separate KX-UT products --- data/cisagov_P.yml | 154 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 152 insertions(+), 2 deletions(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index 5d88f83..39404f6 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -1048,7 +1048,7 @@ software: - '' last_updated: '2022-01-20T00:00:00' - vendor: Panasonic - product: KX-UT113, KX-UT123, KX-UT133, KX-UT136, KX-UT248, KX-UT670 + product: KX-UDS124 cves: cve-2021-4104: investigated: '' @@ -1078,7 +1078,157 @@ software: - '' last_updated: '2022-01-20T00:00:00' - vendor: Panasonic - product: KX-UDS124 + product: KX-UT113 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT123 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT133 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT136 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT248 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT670 cves: cve-2021-4104: investigated: '' From a56fecc5736f9e9c652fe4e93f30668e2f1948dc Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Wed, 26 Jan 2022 13:50:34 +0000 Subject: [PATCH 050/268] Update the software list --- SOFTWARE-LIST.md | 18 ++ data/cisagov.yml | 540 +++++++++++++++++++++++++++++++++++++++++++++ data/cisagov_P.yml | 36 +-- 3 files changed, 576 insertions(+), 18 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index b6abc74..010855a 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2240,6 +2240,24 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Palo-Alto Networks | User-ID Agent | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Palo-Alto Networks | WildFire Appliance | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Palo-Alto Networks | WildFire Cloud | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Panasonic | KX-HDV100 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-HDV130 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-HDV230 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-HDV330 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-HDV340 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-HDV430 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-HDV800 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-TGP500 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-TGP550 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-TGP600 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-TGP700 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-UDS124 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-UT113 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-UT123 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-UT133 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-UT136 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-UT248 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | +| Panasonic | KX-UT670 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | | Panopto | | | | Unknown | [link](https://support.panopto.com/s/article/Panopto-Statement-on-the-Log4j2-Zero-Day-Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | PaperCut | PaperCut MF | 21.0 and later | | Affected | [link](https://www.papercut.com/support/known-issues/?id=PO-684#ng) | Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted by this. Workaround manual steps available in reference. Upgrade to PaperCut NG/MF version 21.2.3 Now Available to resolve. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | PaperCut | PaperCut NG | 21.0 and later | | Affected | [link](https://www.papercut.com/support/known-issues/?id=PO-684#ng) | Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted by this. Workaround manual steps available in reference. Upgrade to PaperCut NG/MF version 21.2.3 Now Available to resolve. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | diff --git a/data/cisagov.yml b/data/cisagov.yml index ee8532d..67ef881 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -65558,6 +65558,546 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Panasonic + product: KX-HDV100 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV130 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV230 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV330 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV340 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV430 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-HDV800 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-TGP500 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-TGP550 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-TGP600 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-TGP700 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UDS124 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT113 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT123 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT133 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT136 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT248 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' + - vendor: Panasonic + product: KX-UT670 + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-20T00:00:00' - vendor: Panopto product: '' cves: diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index 39404f6..25aa4c8 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -730,7 +730,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -760,7 +760,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -790,7 +790,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -820,7 +820,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -850,7 +850,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -880,7 +880,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -910,7 +910,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -940,7 +940,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -970,7 +970,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -1000,7 +1000,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -1030,7 +1030,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -1060,7 +1060,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -1090,7 +1090,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -1120,7 +1120,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -1150,7 +1150,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -1180,7 +1180,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -1210,7 +1210,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -1240,7 +1240,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] From 52c3cba0e97d821c3d7da6c3512b575eb969e3ec Mon Sep 17 00:00:00 2001 From: Paul Schrauder Date: Wed, 26 Jan 2022 16:52:20 -0600 Subject: [PATCH 051/268] Updated for Salesforce --- data/cisagov_S.yml | 224 ++++++++++++++++++++++++++------------------- 1 file changed, 131 insertions(+), 93 deletions(-) diff --git a/data/cisagov_S.yml b/data/cisagov_S.yml index 936e184..77cb501 100644 --- a/data/cisagov_S.yml +++ b/data/cisagov_S.yml @@ -130,14 +130,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45105: investigated: false @@ -149,7 +151,7 @@ software: notes: 'Analytics Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: B2C Commerce Cloud cves: @@ -159,14 +161,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45105: investigated: false @@ -178,7 +182,7 @@ software: notes: 'B2C Commerce Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: ClickSoftware (As-a-Service) cves: @@ -188,14 +192,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45105: investigated: false @@ -207,7 +213,7 @@ software: notes: 'ClickSoftware (As-a-Service) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: ClickSoftware (On-Premise) cves: @@ -217,14 +223,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45105: investigated: false @@ -236,7 +244,7 @@ software: notes: 'ClickSoftware (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Additional details are available here.' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Experience (Community) Cloud cves: @@ -246,14 +254,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45105: investigated: false @@ -265,7 +275,7 @@ software: notes: '"Experience Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Data.com cves: @@ -275,14 +285,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45105: investigated: false @@ -294,7 +306,7 @@ software: notes: 'Data.com was affected by CVE-2021-44228 and CVE-2021-45046.  Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: DataLoader cves: @@ -334,14 +346,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45105: investigated: false @@ -353,7 +367,7 @@ software: notes: 'Datorama was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Evergage (Interaction Studio) cves: @@ -363,14 +377,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45105: investigated: false @@ -382,7 +398,7 @@ software: notes: 'Evergage (Interaction Studio) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Force.com cves: @@ -392,14 +408,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45105: investigated: false @@ -413,7 +431,7 @@ software: The Data Loader tool has been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Make sure that you are using Data Loader version 53.0.2 or later. Follow the steps described here to download the latest version of Data Loader.' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Heroku cves: @@ -426,12 +444,14 @@ The Data Loader tool has been patched to address the issues currently identified investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45105: investigated: false affected_versions: [] @@ -442,7 +462,7 @@ The Data Loader tool has been patched to address the issues currently identified notes: 'Heroku is reported to not be affected by the issues currently identified in CVE-2021-44228 or CVE-2021-45046.' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Marketing Cloud cves: @@ -452,14 +472,16 @@ The Data Loader tool has been patched to address the issues currently identified fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45105: investigated: false @@ -471,7 +493,7 @@ The Data Loader tool has been patched to address the issues currently identified notes: 'Salesforce-owned services within Marketing Cloud are not affected by the issues currently identified in CVE-2021-44228 or CVE-2021-45046. Third-party vendors have been patched to address the security issues currently identified in CVE-2021-44228 or CVE-2021-45046.' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: MuleSoft (Cloud) cves: @@ -481,14 +503,16 @@ The Data Loader tool has been patched to address the issues currently identified fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45105: investigated: false @@ -500,7 +524,7 @@ The Data Loader tool has been patched to address the issues currently identified notes: 'MuleSoft (Cloud) was affected by CVE-2021-44228 and CVE-2021-45046. Mulesoft services, including dataloader.io, have been updated to mitigate the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional details here.' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: MuleSoft (On-Premise) cves: @@ -510,14 +534,16 @@ The Data Loader tool has been patched to address the issues currently identified fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45105: investigated: false @@ -529,7 +555,7 @@ The Data Loader tool has been patched to address the issues currently identified notes: 'MuleSoft (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors, including Private Cloud Edition (PCE) and Anypoint Studio, have a mitigation in place to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional details here.' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Pardot cves: @@ -539,14 +565,16 @@ The Data Loader tool has been patched to address the issues currently identified fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45105: investigated: false @@ -558,7 +586,7 @@ The Data Loader tool has been patched to address the issues currently identified notes: 'Pardot was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Sales Cloud cves: @@ -568,14 +596,16 @@ The Data Loader tool has been patched to address the issues currently identified fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45105: investigated: false @@ -587,7 +617,7 @@ The Data Loader tool has been patched to address the issues currently identified notes: 'Sales Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Service Cloud cves: @@ -597,14 +627,16 @@ The Data Loader tool has been patched to address the issues currently identified fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45105: investigated: false @@ -616,7 +648,7 @@ The Data Loader tool has been patched to address the issues currently identified notes: 'Service Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Slack cves: @@ -626,14 +658,16 @@ The Data Loader tool has been patched to address the issues currently identified fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45105: investigated: false @@ -645,7 +679,7 @@ The Data Loader tool has been patched to address the issues currently identified notes: 'Slack was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in both CVE-2021-44228 and CVE-2021-45046. Additional details are available here.' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Social Studio cves: @@ -655,14 +689,16 @@ The Data Loader tool has been patched to address the issues currently identified fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45105: investigated: false @@ -674,7 +710,7 @@ The Data Loader tool has been patched to address the issues currently identified notes: 'Social Studio was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046.' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Tableau (On-Premise) cves: @@ -714,14 +750,16 @@ The Data Loader tool has been patched to address the issues currently identified fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45105: investigated: false @@ -733,7 +771,7 @@ The Data Loader tool has been patched to address the issues currently identified notes: 'Tableau Online was affected by CVE-2021-44228 and CVE-2021-45046. Services have been patched to mitigate the issues currently identified in both CVE-2021-44228 and CVE-2021-45046.' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Samsung Electronics America product: Knox Reseller Portal cves: From 4ae07fd16f0fc9e8f53cfac54dc5793d37f79bf9 Mon Sep 17 00:00:00 2001 From: Paul Schrauder Date: Wed, 26 Jan 2022 17:12:58 -0600 Subject: [PATCH 052/268] Updated for dataloader --- data/cisagov_S.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/data/cisagov_S.yml b/data/cisagov_S.yml index 7c7de43..100cb89 100644 --- a/data/cisagov_S.yml +++ b/data/cisagov_S.yml @@ -313,8 +313,10 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.1 - notes: '' + - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.2 + notes: This version is for use with Salesforce Winter '22 or higher release through Salesforce + Force Partner API and Force WSC v53.0.0. It contains the fix for CVE-2021-44228, CVE-2021-45046, + and CVE-2021-45105 by upgrading to log4j 2.17.0. references: - '' last_updated: '2022-01-26T00:00:00' From 9fd019fdb8f4c03fbe4333609a39c8a6cec9b58f Mon Sep 17 00:00:00 2001 From: Paul Schrauder Date: Wed, 26 Jan 2022 17:19:56 -0600 Subject: [PATCH 053/268] Fixed formatting of version --- data/cisagov_S.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/cisagov_S.yml b/data/cisagov_S.yml index 100cb89..39e6718 100644 --- a/data/cisagov_S.yml +++ b/data/cisagov_S.yml @@ -299,13 +299,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - >=53.0.2 + - '>=53.0.2' unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - >=53.0.2 + - '>=53.0.2' unaffected_versions: [] cve-2021-45105: investigated: false From bec7f39ea3fac438ab58fda78cb593b264ec8711 Mon Sep 17 00:00:00 2001 From: Paul Schrauder Date: Wed, 26 Jan 2022 17:24:26 -0600 Subject: [PATCH 054/268] formatting --- data/cisagov_S.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/cisagov_S.yml b/data/cisagov_S.yml index 39e6718..00307cd 100644 --- a/data/cisagov_S.yml +++ b/data/cisagov_S.yml @@ -314,8 +314,8 @@ software: unaffected_versions: [] vendor_links: - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.2 - notes: This version is for use with Salesforce Winter '22 or higher release through Salesforce - Force Partner API and Force WSC v53.0.0. It contains the fix for CVE-2021-44228, CVE-2021-45046, + notes: This version is for use with Salesforce Winter '22 or higher release through Salesforce + Force Partner API and Force WSC v53.0.0. It contains the fix for CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 by upgrading to log4j 2.17.0. references: - '' From 338341cf24fbdd2ca56a02ad862ff0b0d11cb210 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Thu, 27 Jan 2022 16:12:46 +0000 Subject: [PATCH 055/268] Update the software list --- SOFTWARE-LIST.md | 38 ++++---- data/cisagov.yml | 227 ++++++++++++++++++++++++++------------------- data/cisagov_S.yml | 78 ++++++++-------- 3 files changed, 191 insertions(+), 152 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 010855a..2fdcade 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2440,27 +2440,27 @@ NOTE: This file is automatically generated. To submit updates, please refer to | SAFE FME Server | | | | Unknown | [link](https://community.safe.com/s/article/Is-FME-Server-Affected-by-the-Security-Vulnerability-Reported-Against-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | SAGE | | | | Unknown | [link](https://www.sagecity.com/sage-global-solutions/sage-crm/f/sage-crm-announcements-news-and-alerts/178655/advisory-apache-log4j-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | SailPoint | | | | Unknown | [link](https://community.sailpoint.com/t5/IdentityIQ-Blog/IdentityIQ-log4j-Remote-Code-Execution-Vulnerability/ba-p/206681) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Salesforce | Analytics Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Analytics Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | B2C Commerce Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | B2C Commerce Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | ClickSoftware (As-a-Service) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | ClickSoftware (As-a-Service) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | ClickSoftware (On-Premise) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | ClickSoftware (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Additional details are available here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Data.com | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Data.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | DataLoader | | <=53.0.0 | Fixed | [link](https://github.com/forcedotcom/dataloader/releases/tag/v53.0.1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Salesforce | Analytics Cloud | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Analytics Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | B2C Commerce Cloud | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | B2C Commerce Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | ClickSoftware (As-a-Service) | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | ClickSoftware (As-a-Service) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | ClickSoftware (On-Premise) | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | ClickSoftware (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Additional details are available here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Data.com | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Data.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | DataLoader | | >=53.0.2 | Fixed | [link](https://github.com/forcedotcom/dataloader/releases/tag/v53.0.2) | This version is for use with Salesforce Winter '22 or higher release through Salesforce Force Partner API and Force WSC v53.0.0. It contains the fix for CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 by upgrading to log4j 2.17.0. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | | Salesforce | Datorama | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Datorama was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Evergage (Interaction Studio) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Evergage (Interaction Studio) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Experience (Community) Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Experience Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Force.com | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Force.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. The Data Loader tool has been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Make sure that you are using Data Loader version 53.0.2 or later. Follow the steps described here to download the latest version of Data Loader. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Heroku | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Heroku is reported to not be affected by the issues currently identified in CVE-2021-44228 or CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Marketing Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Salesforce-owned services within Marketing Cloud are not affected by the issues currently identified in CVE-2021-44228 or CVE-2021-45046. Third-party vendors have been patched to address the security issues currently identified in CVE-2021-44228 or CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | MuleSoft (Cloud) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | MuleSoft (Cloud) was affected by CVE-2021-44228 and CVE-2021-45046. Mulesoft services, including dataloader.io, have been updated to mitigate the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional details here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | MuleSoft (On-Premise) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | MuleSoft (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors, including Private Cloud Edition (PCE) and Anypoint Studio, have a mitigation in place to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional details here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Pardot | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Pardot was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Sales Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Sales Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Service Cloud | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Service Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Slack | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Slack was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in both CVE-2021-44228 and CVE-2021-45046. Additional details are available here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Salesforce | Social Studio | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Social Studio was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Evergage (Interaction Studio) | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Evergage (Interaction Studio) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Experience (Community) Cloud | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Experience Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Force.com | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Force.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. The Data Loader tool has been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Make sure that you are using Data Loader version 53.0.2 or later. Follow the steps described here to download the latest version of Data Loader. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Heroku | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Heroku is reported to not be affected by the issues currently identified in CVE-2021-44228 or CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Marketing Cloud | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Salesforce-owned services within Marketing Cloud are not affected by the issues currently identified in CVE-2021-44228 or CVE-2021-45046. Third-party vendors have been patched to address the security issues currently identified in CVE-2021-44228 or CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | MuleSoft (Cloud) | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | MuleSoft (Cloud) was affected by CVE-2021-44228 and CVE-2021-45046. Mulesoft services, including dataloader.io, have been updated to mitigate the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional details here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | MuleSoft (On-Premise) | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | MuleSoft (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors, including Private Cloud Edition (PCE) and Anypoint Studio, have a mitigation in place to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional details here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Pardot | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Pardot was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Sales Cloud | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Sales Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Service Cloud | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Service Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Slack | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Slack was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in both CVE-2021-44228 and CVE-2021-45046. Additional details are available here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Social Studio | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Social Studio was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | | Salesforce | Tableau (On-Premise) | | < 2021.4.1 | Fixed | [link](https://kb.tableau.com/articles/issue/Apache-Log4j2-vulnerability-Log4shell) | Tableau (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Patches to address the issues currently identified in both CVE-2021-44228 and CVE-2021-45046 are available for download. Additional details are available here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Salesforce | Tableau (Online) | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Tableau Online was affected by CVE-2021-44228 and CVE-2021-45046. Services have been patched to mitigate the issues currently identified in both CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Tableau (Online) | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Tableau Online was affected by CVE-2021-44228 and CVE-2021-45046. Services have been patched to mitigate the issues currently identified in both CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | | Samsung Electronics America | Knox Admin Portal | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | | Samsung Electronics America | Knox Asset Intelligence | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | | Samsung Electronics America | Knox Configure | | | Not Affected | [link](https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 67ef881..f40f47b 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -71499,14 +71499,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -71520,7 +71522,7 @@ software: identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: B2C Commerce Cloud cves: @@ -71530,14 +71532,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -71551,7 +71555,7 @@ software: identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: ClickSoftware (As-a-Service) cves: @@ -71561,14 +71565,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -71582,7 +71588,7 @@ software: the issues currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: ClickSoftware (On-Premise) cves: @@ -71592,14 +71598,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -71614,7 +71622,7 @@ software: details are available here. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Data.com cves: @@ -71624,14 +71632,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -71645,7 +71655,7 @@ software: identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: DataLoader cves: @@ -71658,12 +71668,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - <=53.0.0 + - '>=53.0.2' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '>=53.0.2' unaffected_versions: [] cve-2021-45105: investigated: false @@ -71671,11 +71682,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.1 - notes: '' + - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.2 + notes: This version is for use with Salesforce Winter '22 or higher release through + Salesforce Force Partner API and Force WSC v53.0.0. It contains the fix for + CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 by upgrading to log4j 2.17.0. references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Datorama cves: @@ -71716,14 +71729,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -71737,7 +71752,7 @@ software: the issues currently identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Experience (Community) Cloud cves: @@ -71747,14 +71762,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -71768,7 +71785,7 @@ software: identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Force.com cves: @@ -71778,14 +71795,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -71802,7 +71821,7 @@ software: steps described here to download the latest version of Data Loader. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Heroku cves: @@ -71815,12 +71834,14 @@ software: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: investigated: false affected_versions: [] @@ -71832,7 +71853,7 @@ software: in CVE-2021-44228 or CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Marketing Cloud cves: @@ -71842,14 +71863,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -71864,7 +71887,7 @@ software: in CVE-2021-44228 or CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: MuleSoft (Cloud) cves: @@ -71874,14 +71897,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -71896,7 +71921,7 @@ software: details here. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: MuleSoft (On-Premise) cves: @@ -71906,14 +71931,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -71929,7 +71956,7 @@ software: details here. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Pardot cves: @@ -71939,14 +71966,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -71960,7 +71989,7 @@ software: identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Sales Cloud cves: @@ -71970,14 +71999,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -71991,7 +72022,7 @@ software: identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Service Cloud cves: @@ -72001,14 +72032,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -72022,7 +72055,7 @@ software: identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Slack cves: @@ -72032,14 +72065,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -72054,7 +72089,7 @@ software: available here. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Social Studio cves: @@ -72064,14 +72099,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -72085,7 +72122,7 @@ software: identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Tableau (On-Premise) cves: @@ -72128,14 +72165,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -72149,7 +72188,7 @@ software: and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Samsung Electronics America product: Knox Admin Portal cves: diff --git a/data/cisagov_S.yml b/data/cisagov_S.yml index 00307cd..4345867 100644 --- a/data/cisagov_S.yml +++ b/data/cisagov_S.yml @@ -133,13 +133,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -166,13 +166,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -199,13 +199,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -232,13 +232,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -266,13 +266,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -314,9 +314,9 @@ software: unaffected_versions: [] vendor_links: - https://github.com/forcedotcom/dataloader/releases/tag/v53.0.2 - notes: This version is for use with Salesforce Winter '22 or higher release through Salesforce - Force Partner API and Force WSC v53.0.0. It contains the fix for CVE-2021-44228, CVE-2021-45046, - and CVE-2021-45105 by upgrading to log4j 2.17.0. + notes: This version is for use with Salesforce Winter '22 or higher release through + Salesforce Force Partner API and Force WSC v53.0.0. It contains the fix for + CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 by upgrading to log4j 2.17.0. references: - '' last_updated: '2022-01-26T00:00:00' @@ -363,13 +363,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -396,13 +396,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -429,13 +429,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -466,13 +466,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: false affected_versions: [] @@ -497,13 +497,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -531,13 +531,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -565,13 +565,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -600,13 +600,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -633,13 +633,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -666,13 +666,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -699,13 +699,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -733,13 +733,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -799,13 +799,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false From 96ee2b93893ab64d28f5514b553c0f19a145f8f8 Mon Sep 17 00:00:00 2001 From: Paul Schrauder Date: Thu, 27 Jan 2022 11:32:34 -0600 Subject: [PATCH 056/268] Updated Salesforce for Heroku and Datorama --- data/cisagov_S.yml | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/data/cisagov_S.yml b/data/cisagov_S.yml index 00307cd..9b85e8b 100644 --- a/data/cisagov_S.yml +++ b/data/cisagov_S.yml @@ -329,14 +329,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45105: investigated: false @@ -350,7 +352,7 @@ software: identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Evergage (Interaction Studio) cves: @@ -462,13 +464,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - 'All' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: From e195f2947f5caefabd93bf793672b1650a5dc53e Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Fri, 28 Jan 2022 13:44:32 +0000 Subject: [PATCH 057/268] Update the software list --- SOFTWARE-LIST.md | 4 ++-- data/cisagov.yml | 16 +++++++++------- data/cisagov_S.yml | 4 ++-- 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 2fdcade..446b9d9 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2446,11 +2446,11 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Salesforce | ClickSoftware (On-Premise) | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | ClickSoftware (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Additional details are available here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | | Salesforce | Data.com | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Data.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | | Salesforce | DataLoader | | >=53.0.2 | Fixed | [link](https://github.com/forcedotcom/dataloader/releases/tag/v53.0.2) | This version is for use with Salesforce Winter '22 or higher release through Salesforce Force Partner API and Force WSC v53.0.0. It contains the fix for CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 by upgrading to log4j 2.17.0. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | -| Salesforce | Datorama | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Datorama was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Salesforce | Datorama | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Datorama was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | | Salesforce | Evergage (Interaction Studio) | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Evergage (Interaction Studio) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | | Salesforce | Experience (Community) Cloud | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Experience Cloud was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | | Salesforce | Force.com | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Force.com was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors have been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. The Data Loader tool has been patched to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Make sure that you are using Data Loader version 53.0.2 or later. Follow the steps described here to download the latest version of Data Loader. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | -| Salesforce | Heroku | | | Unknown | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Heroku is reported to not be affected by the issues currently identified in CVE-2021-44228 or CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| Salesforce | Heroku | | | Not Affected | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Heroku is reported to not be affected by the issues currently identified in CVE-2021-44228 or CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | | Salesforce | Marketing Cloud | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | Salesforce-owned services within Marketing Cloud are not affected by the issues currently identified in CVE-2021-44228 or CVE-2021-45046. Third-party vendors have been patched to address the security issues currently identified in CVE-2021-44228 or CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | | Salesforce | MuleSoft (Cloud) | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | MuleSoft (Cloud) was affected by CVE-2021-44228 and CVE-2021-45046. Mulesoft services, including dataloader.io, have been updated to mitigate the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional details here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | | Salesforce | MuleSoft (On-Premise) | | All | Fixed | [link](https://help.salesforce.com/s/articleView?id=000363736&type=1) | MuleSoft (On-Premise) was affected by CVE-2021-44228 and CVE-2021-45046. Salesforce-owned services and third-party vendors, including Private Cloud Edition (PCE) and Anypoint Studio, have a mitigation in place to address the issues currently identified in CVE-2021-44228 and CVE-2021-45046. Please see additional details here. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | diff --git a/data/cisagov.yml b/data/cisagov.yml index f40f47b..895f01a 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -71698,14 +71698,16 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45105: investigated: false @@ -71719,7 +71721,7 @@ software: identified in CVE-2021-44228 and CVE-2021-45046. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-26T00:00:00' - vendor: Salesforce product: Evergage (Interaction Studio) cves: @@ -71831,13 +71833,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: diff --git a/data/cisagov_S.yml b/data/cisagov_S.yml index 65d1922..7b7bf71 100644 --- a/data/cisagov_S.yml +++ b/data/cisagov_S.yml @@ -332,13 +332,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45105: investigated: false From 4fa06f95b8a80507d6318379479e082960fc0f9e Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 28 Jan 2022 09:27:04 -0500 Subject: [PATCH 058/268] Update Code42 Crashplan --- data/cisagov_C.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index b24be77..5a1d92b 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -6438,8 +6438,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '8.8' - - possibly prior versions + - 'All' unaffected_versions: [] cve-2021-45046: investigated: false @@ -6453,10 +6452,11 @@ software: unaffected_versions: [] vendor_links: - https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates - notes: I think, they don't specify in the notice, but we know that they released - an updated Crashplan client. Possibly prior versions affected. + notes: The CrashPlan app was EOL'd and is now called Code42, so if you detect CrashPlan installed, it is vulnerable. + But you can update easily to Code42 8.8.1 or newer. references: - - '' + - 'https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/' + - 'https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates' last_updated: '2021-12-16T00:00:00' - vendor: CodeBeamer product: '' From 79326833425fa8302ffb40a17f5e5d5797050eab Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 28 Jan 2022 09:32:18 -0500 Subject: [PATCH 059/268] Fix notes linting error, Code42 Crashplan --- data/cisagov_C.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index 5a1d92b..7e3c8ba 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -6453,7 +6453,7 @@ software: vendor_links: - https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates notes: The CrashPlan app was EOL'd and is now called Code42, so if you detect CrashPlan installed, it is vulnerable. - But you can update easily to Code42 8.8.1 or newer. + But you can update easily to Code42 8.8.1 or newer. references: - 'https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/' - 'https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates' From b01276be22c67b95c2fe52557b477692f9ba42ff Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 28 Jan 2022 09:51:20 -0500 Subject: [PATCH 060/268] Revert "Update Code42 Crashplan" --- data/cisagov_C.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index 7e3c8ba..b24be77 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -6438,7 +6438,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - '8.8' + - possibly prior versions unaffected_versions: [] cve-2021-45046: investigated: false @@ -6452,11 +6453,10 @@ software: unaffected_versions: [] vendor_links: - https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates - notes: The CrashPlan app was EOL'd and is now called Code42, so if you detect CrashPlan installed, it is vulnerable. - But you can update easily to Code42 8.8.1 or newer. + notes: I think, they don't specify in the notice, but we know that they released + an updated Crashplan client. Possibly prior versions affected. references: - - 'https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/' - - 'https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates' + - '' last_updated: '2021-12-16T00:00:00' - vendor: CodeBeamer product: '' From de9a3f882b2c4744f0e3c35bd94aef2b21d50a19 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 28 Jan 2022 10:17:11 -0500 Subject: [PATCH 061/268] Update Code42, Crashplan app --- data/cisagov_C.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index b24be77..cd228c3 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -6438,8 +6438,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '8.8' - - possibly prior versions + - 'All' unaffected_versions: [] cve-2021-45046: investigated: false @@ -6453,10 +6452,10 @@ software: unaffected_versions: [] vendor_links: - https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates - notes: I think, they don't specify in the notice, but we know that they released - an updated Crashplan client. Possibly prior versions affected. + notes: The CrashPlan app is EOL and is now called Code42. If you detect CrashPlan installed, + it is vulnerable. You can update easily to Code42 8.8.1 or newer. references: - - '' + - '[https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/](https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/)' last_updated: '2021-12-16T00:00:00' - vendor: CodeBeamer product: '' From 72daad21e588135e94391c9937152f213a5ac750 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Fri, 28 Jan 2022 15:34:30 +0000 Subject: [PATCH 062/268] Update the software list --- SOFTWARE-LIST.md | 2 +- data/cisagov.yml | 9 ++++----- data/cisagov_C.yml | 6 +++--- 3 files changed, 8 insertions(+), 9 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 446b9d9..2151d17 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -558,7 +558,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Cloudron | | | | Unknown | [link](https://forum.cloudron.io/topic/6153/log4j-and-log4j2-library-vulnerability?lang=en-US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Clover | | | | Unknown | [link](https://community.clover.com/articles/35868/apache-log4j-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Code42 | Code42 App | | 8.8.1 | Fixed | [link](https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Code42 | Crashplan | | 8.8, possibly prior versions | Fixed | [link](https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates) | I think, they don't specify in the notice, but we know that they released an updated Crashplan client. Possibly prior versions affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Code42 | Crashplan | | All | Fixed | [link](https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates) | The CrashPlan app is EOL and is now called Code42. If you detect CrashPlan installed, it is vulnerable. You can update easily to Code42 8.8.1 or newer. | [https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/](https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | CodeBeamer | | | | Unknown | [link](https://codebeamer.com/cb/wiki/19872365) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Codesys | | | | Unknown | [link](https://www.codesys.com/news-events/news/article/log4j-not-used-in-codesys.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Cohesity | | | | Unknown | [link](https://support.cohesity.com/s/article/Security-Advisory-Apache-Log4j-Remote-Code-Execution-RCE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 895f01a..f7a7b7c 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -15904,8 +15904,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '8.8' - - possibly prior versions + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -15919,10 +15918,10 @@ software: unaffected_versions: [] vendor_links: - https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates - notes: I think, they don't specify in the notice, but we know that they released - an updated Crashplan client. Possibly prior versions affected. + notes: The CrashPlan app is EOL and is now called Code42. If you detect CrashPlan + installed, it is vulnerable. You can update easily to Code42 8.8.1 or newer. references: - - '' + - '[https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/](https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/)' last_updated: '2021-12-16T00:00:00' - vendor: CodeBeamer product: '' diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index cd228c3..696782e 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -6438,7 +6438,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -6452,8 +6452,8 @@ software: unaffected_versions: [] vendor_links: - https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates - notes: The CrashPlan app is EOL and is now called Code42. If you detect CrashPlan installed, - it is vulnerable. You can update easily to Code42 8.8.1 or newer. + notes: The CrashPlan app is EOL and is now called Code42. If you detect CrashPlan + installed, it is vulnerable. You can update easily to Code42 8.8.1 or newer. references: - '[https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/](https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/)' last_updated: '2021-12-16T00:00:00' From ff27c298f75014bf5994ce472311232e749e69ae Mon Sep 17 00:00:00 2001 From: Ebennetteng <60264726+Ebennetteng@users.noreply.github.com> Date: Mon, 31 Jan 2022 17:04:42 +0000 Subject: [PATCH 063/268] updated vendor --- SOFTWARE-LIST.md | 1 + 1 file changed, 1 insertion(+) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 2151d17..651f889 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2011,6 +2011,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | LOGalyze | SIEM & log analyzer tool | v4.x | | Affected | [link](https://sourceforge.net/software/product/LOGalyze/) | local-log4j-vuln-scanner result: indicator for vulnerable component found in /logalyze/lib/log4j-1.2.17.jar (org/apache/log4j/net/SocketNode.class): log4j 1.2.17 | [Forks (github.com)](https://github.com/search?q=logalyzer&s=updated&type=Repositories) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | LogiAnalytics | | | | Unknown | [link](https://devnet.logianalytics.com/hc/en-us/articles/4415781801751-Statement-on-Log4j-Vulnerability-CVE-2021-44228-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | LogicMonitor | LogicMonitor Platform | | | Unknown | [link](https://www.logicmonitor.com/support/log4shell-security-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Logit.io | Logit.io Platform | | | Not Affected | [link](https://logit.io/blog/post/logit-io-log4shell-security-update) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | LogMeIn | | | | Unknown | [link](https://community.logmein.com/t5/LogMeIn-Central-Discussions/LOG4J-Vulnerability/m-p/280317/highlight/true#M8327) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | LogRhythm | | | | Unknown | [link](https://community.logrhythm.com/t5/Product-Security/LogRhythm-Response-to-the-Apache-Log4J-Vulnerability-Log4Shell/td-p/494068) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Looker | Looker | 21.0, 21.6, 21.12, 21.16, 21.18, 21.20 | | Affected | [link](https://docs.google.com/document/d/e/2PACX-1vQGN1AYNMHxsRQ9AZNu1bKyTGRUSK_9xkQBge-nu4p8PYvBKIYHhc3914KTfVtDFIXtDhc3k6SZnR2M/pub) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | From 060c50db05f934410ba53a88c59d443b8ceadfb6 Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Mon, 31 Jan 2022 16:00:10 -0700 Subject: [PATCH 064/268] Update cisagov_B.yml Updated BBraun status, updated Beckman Coulter --- data/cisagov_B.yml | 860 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 840 insertions(+), 20 deletions(-) diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index 5cb247d..d2ddc7f 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -216,10 +216,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -235,7 +236,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software cves: @@ -245,9 +246,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'All' unaffected_versions: [] cve-2021-45046: investigated: false @@ -264,7 +266,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: Outlook® Safety Infusion System Pump family cves: @@ -274,10 +276,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -293,7 +296,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: Pinnacle® Compounder cves: @@ -303,10 +306,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -322,7 +326,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: Pump, SpaceStation, and Space® Wireless Battery) cves: @@ -332,10 +336,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -351,7 +356,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® Space® Infusion @@ -362,10 +367,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -381,7 +387,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BD product: Arctic Sun™ Analytics cves: @@ -760,7 +766,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Beckman Coulter - product: '' + product: Access 2, Unicel DxI 600, Unicel DxI 800 (Immunoassay Systems) cves: cve-2021-4104: investigated: false @@ -768,10 +774,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxC700AU, AU480, AU640, AU680, AU 2700, AU5400, AU5800, AU5800 (Chemistry Systems) + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -787,7 +824,790 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxC 600, Unicel DxC 800 (Chemistry Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PK7300, PK7400 (Blood Bank) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PROService, RAP Box (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Inventory Manager (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Insights (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'All' + fixed_versions: + - 'Patch' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Patch has been applied + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: REMISOL ADVANCE (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Command Central (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'All' + fixed_versions: + - 'Workaround' + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Customers can follow instructions to remove log4j + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Workflow Manager (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 500/520/560 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 600, 800, SMS (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 900, 690T, SMS II (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HmX, HmX AL (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH 500, LH750, LH780, LH785, LH Slidemaker, LH Slidestraine (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ac•T Family, Ac•T 5diff (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iRICELL, iQ Workcell, iChemVELOCITY, iQ200 (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxUm, DxUc, DxU Workcell (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Express, Power Processor, Power Link (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 1200, 1250, 2500, 2550 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxA 5000, DxA 5000 Fit (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ipaw, Intelligent Sample Banking ISB, Sorting Drive (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LabPro Workstation and Database Computers Provided by Beckman Coulter (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'All' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: The only known instance of vulnerability due to Log4J is using Axeda services + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: MicroScan autoSCAN-4 (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HighFlexX Software (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 40 SI, WalkAway 96 SI, WalkAway 40 plus, WalkAway 96 plus (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM WalkAway 1040, DxM WalkAway 1096, DxM Autoplak (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: IMMAGE 800 (Nephelometry) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' - vendor: Beijer Electronics product: acirro+ cves: From 6e0266630a905244f7ea28c043bba0784359b3dd Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 08:38:28 -0500 Subject: [PATCH 065/268] Add 7Signal Sapphire --- data/cisagov_Non-Alphabet.yml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/data/cisagov_Non-Alphabet.yml b/data/cisagov_Non-Alphabet.yml index 082f969..03ae811 100644 --- a/data/cisagov_Non-Alphabet.yml +++ b/data/cisagov_Non-Alphabet.yml @@ -125,6 +125,37 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' + - vendor: 7Signal + product: Sapphire + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.7signal.com/info/se-release-notes + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' - vendor: 7-Zip product: '' cves: From 91e10546b14f17c82c8f542ea6dadf5b97c80227 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Tue, 1 Feb 2022 13:40:36 +0000 Subject: [PATCH 066/268] Update the software list --- SOFTWARE-LIST.md | 1 + data/cisagov.yml | 31 ++++++++++++++++++++++++++++++ data/cisagov_Non-Alphabet.yml | 36 +++++++++++++++++------------------ 3 files changed, 50 insertions(+), 18 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 2151d17..760bdcb 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -27,6 +27,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | 3CX | | | | Unknown | [link](https://www.3cx.com/community/threads/log4j-vulnerability-cve-2021-44228.86436/#post-407911) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | 3M Health Information Systems | CGS | | | Unknown | [link](https://support.3mhis.com/app/account/updates/ri/5210) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | 7-Zip | | | | Unknown | [link](https://sourceforge.net/p/sevenzip/discussion/45797/thread/b977bbd4d1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| 7Signal | Sapphire | | | Fixed | [link](https://www.7signal.com/info/se-release-notes) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | ABB | | | | Unknown | [link](https://search.abb.com/library/Download.aspx?DocumentID=9ADB012621&LanguageCode=en&DocumentPartId=&Action=Launch) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ABB | ABB Remote Service | ABB Remote Platform (RAP) | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ABB | AlarmInsight Cloud | AlarmInsight KPI Dashboards 1.0.0 | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index f7a7b7c..380af0c 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -154,6 +154,37 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: 7Signal + product: Sapphire + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.7signal.com/info/se-release-notes + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' - vendor: ABB product: '' cves: diff --git a/data/cisagov_Non-Alphabet.yml b/data/cisagov_Non-Alphabet.yml index 03ae811..55687fc 100644 --- a/data/cisagov_Non-Alphabet.yml +++ b/data/cisagov_Non-Alphabet.yml @@ -125,20 +125,18 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: 7Signal - product: Sapphire + - vendor: 7-Zip + product: '' cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -151,23 +149,25 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.7signal.com/info/se-release-notes + - https://sourceforge.net/p/sevenzip/discussion/45797/thread/b977bbd4d1 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: 7-Zip - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: 7Signal + product: Sapphire cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -180,9 +180,9 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://sourceforge.net/p/sevenzip/discussion/45797/thread/b977bbd4d1 + - https://www.7signal.com/info/se-release-notes notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T00:00:00' ... From 6accd8374795f1e2cce6c07cd9dbc399bd2ddac9 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 08:52:55 -0500 Subject: [PATCH 067/268] Update 7Signal entry --- data/cisagov_Non-Alphabet.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/cisagov_Non-Alphabet.yml b/data/cisagov_Non-Alphabet.yml index 55687fc..0a182af 100644 --- a/data/cisagov_Non-Alphabet.yml +++ b/data/cisagov_Non-Alphabet.yml @@ -181,8 +181,8 @@ software: unaffected_versions: [] vendor_links: - https://www.7signal.com/info/se-release-notes - notes: '' + notes: Fix released 2021-12-14 references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2021-12-14T00:00:00' ... From d83314541cc9708e13dcf88c23f11df57200c1cc Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Tue, 1 Feb 2022 13:59:06 +0000 Subject: [PATCH 068/268] Update the software list --- SOFTWARE-LIST.md | 2 +- data/cisagov.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 760bdcb..b38cb65 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -27,7 +27,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | 3CX | | | | Unknown | [link](https://www.3cx.com/community/threads/log4j-vulnerability-cve-2021-44228.86436/#post-407911) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | 3M Health Information Systems | CGS | | | Unknown | [link](https://support.3mhis.com/app/account/updates/ri/5210) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | 7-Zip | | | | Unknown | [link](https://sourceforge.net/p/sevenzip/discussion/45797/thread/b977bbd4d1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| 7Signal | Sapphire | | | Fixed | [link](https://www.7signal.com/info/se-release-notes) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| 7Signal | Sapphire | | | Fixed | [link](https://www.7signal.com/info/se-release-notes) | Fix released 2021-12-14 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | ABB | | | | Unknown | [link](https://search.abb.com/library/Download.aspx?DocumentID=9ADB012621&LanguageCode=en&DocumentPartId=&Action=Launch) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ABB | ABB Remote Service | ABB Remote Platform (RAP) | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ABB | AlarmInsight Cloud | AlarmInsight KPI Dashboards 1.0.0 | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 380af0c..fec6c78 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -181,10 +181,10 @@ software: unaffected_versions: [] vendor_links: - https://www.7signal.com/info/se-release-notes - notes: '' + notes: Fix released 2021-12-14 references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2021-12-14T00:00:00' - vendor: ABB product: '' cves: From 6c0b17a6fb7ab6a69221173504fa23b4f53276cd Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 09:54:22 -0500 Subject: [PATCH 069/268] Add Zeiss products --- data/cisagov_Z.yml | 186 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 186 insertions(+) diff --git a/data/cisagov_Z.yml b/data/cisagov_Z.yml index 13f553c..a7326c8 100644 --- a/data/cisagov_Z.yml +++ b/data/cisagov_Z.yml @@ -120,6 +120,192 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Zeiss + product: Cataract Suite + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '1.3.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: EQ Workplace + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '1.6, 1.8' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: FORUM + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '4.2.x' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: Glaucoma Workplace + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '3.5.x' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: Laser Treatment Workplace + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '1.x' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: Retina Workplace + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '2.5.x, 2.6.x' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' - vendor: Zendesk product: All Products cves: From c18c68b4e21bb20274c4fc6a38f4607ed29ad3f6 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 10:02:25 -0500 Subject: [PATCH 070/268] Add Zerto products --- data/cisagov_Z.yml | 123 +++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 113 insertions(+), 10 deletions(-) diff --git a/data/cisagov_Z.yml b/data/cisagov_Z.yml index a7326c8..ee42dc4 100644 --- a/data/cisagov_Z.yml +++ b/data/cisagov_Z.yml @@ -398,34 +398,137 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Zerto - product: '' + product: Cloud Appliance cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://help.zerto.com/kb/000004822 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-02-01T00:00:00' + - vendor: Zerto + product: Cloud Manager + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zerto.com/kb/000004822 + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zerto + product: Virtual Manager + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zerto.com/kb/000004822 + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zerto + product: Virtual Replication Appliance + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zerto.com/kb/000004822 + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' - vendor: Zesty product: '' cves: From 653cbcc8877d3d05f3cc3c63fb8e82cb3bfa4778 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 10:15:17 -0500 Subject: [PATCH 071/268] Add NCSC-NL as source --- config/SOFTWARE-LIST.tpl.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/SOFTWARE-LIST.tpl.md b/config/SOFTWARE-LIST.tpl.md index 25bd21f..581ca18 100644 --- a/config/SOFTWARE-LIST.tpl.md +++ b/config/SOFTWARE-LIST.tpl.md @@ -12,10 +12,11 @@ ## Software List ## -This list was initially populated using information from the following sources: +This list has been populated using information from the following sources: - Kevin Beaumont - SwitHak +- NCSC-NL NOTE: This file is automatically generated. To submit updates, please refer to [`CONTRIBUTING.md`](CONTRIBUTING.md). From fe334216a26f529018ef3d6d9636c37261d5d9e0 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Tue, 1 Feb 2022 15:17:07 +0000 Subject: [PATCH 072/268] Update the software list --- SOFTWARE-LIST.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index b38cb65..45a5a86 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -12,10 +12,11 @@ ## Software List ## -This list was initially populated using information from the following sources: +This list has been populated using information from the following sources: - Kevin Beaumont - SwitHak +- NCSC-NL NOTE: This file is automatically generated. To submit updates, please refer to [`CONTRIBUTING.md`](CONTRIBUTING.md). From 116d98eb81df43f6abc38784b4b9d6566238877c Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 10:17:35 -0500 Subject: [PATCH 073/268] Add NCSC-NL as source --- config/SOFTWARE-LIST.tpl.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/SOFTWARE-LIST.tpl.md b/config/SOFTWARE-LIST.tpl.md index 25bd21f..581ca18 100644 --- a/config/SOFTWARE-LIST.tpl.md +++ b/config/SOFTWARE-LIST.tpl.md @@ -12,10 +12,11 @@ ## Software List ## -This list was initially populated using information from the following sources: +This list has been populated using information from the following sources: - Kevin Beaumont - SwitHak +- NCSC-NL NOTE: This file is automatically generated. To submit updates, please refer to [`CONTRIBUTING.md`](CONTRIBUTING.md). From 5bf46637f8ed7b00fb8b690582cad000ec858c55 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 10:23:31 -0500 Subject: [PATCH 074/268] Add Zyxel products --- data/cisagov_Z.yml | 81 ++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 75 insertions(+), 6 deletions(-) diff --git a/data/cisagov_Z.yml b/data/cisagov_Z.yml index ee42dc4..425c32f 100644 --- a/data/cisagov_Z.yml +++ b/data/cisagov_Z.yml @@ -733,13 +733,80 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zyxel - product: Security Firewall/Gateways + product: All other products cves: cve-2021-4104: - investigated: false + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true affected_versions: [] fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Zyxel + product: Netlas Element Management System (EMS) + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability + notes: Hotfix availibility Dec. 20 2021. Patch availability in end of Feb. 2022. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Zyxel + product: Security Firewall/Gateways + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] @@ -748,15 +815,17 @@ software: - ZLD Firmware Security Services - Nebula cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability notes: '' From d1d28c946c29cf4cb735320eb08a59555f900fda Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 10:26:04 -0500 Subject: [PATCH 075/268] Update Zoom entry --- data/cisagov_Z.yml | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/data/cisagov_Z.yml b/data/cisagov_Z.yml index 425c32f..3203a0e 100644 --- a/data/cisagov_Z.yml +++ b/data/cisagov_Z.yml @@ -620,25 +620,29 @@ software: product: '' cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache notes: '' From 72e045ace0421efb580a3fd5a133db41ffd827b1 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 10:28:50 -0500 Subject: [PATCH 076/268] Add Zoho --- data/cisagov_Z.yml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/data/cisagov_Z.yml b/data/cisagov_Z.yml index 3203a0e..0b56595 100644 --- a/data/cisagov_Z.yml +++ b/data/cisagov_Z.yml @@ -616,6 +616,39 @@ software: references: - '' last_updated: '2021-12-16T00:00:00' + - vendor: Zoho + product: Online + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zoho.com/portal/en/community/topic/update-on-the-recent-apache-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' - vendor: Zoom product: '' cves: From 6357717f67e726486f35aa54624f6c47d1d4e791 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Tue, 1 Feb 2022 15:34:52 +0000 Subject: [PATCH 077/268] Update the software list --- SOFTWARE-LIST.md | 16 +- data/cisagov.yml | 439 ++++++++++++++++++++++++++++++++++++++++++--- data/cisagov_Z.yml | 12 +- 3 files changed, 437 insertions(+), 30 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 45a5a86..e002271 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -3004,15 +3004,27 @@ NOTE: This file is automatically generated. To submit updates, please refer to | ZAMMAD | | | | Unknown | [link](https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zaproxy | | | | Unknown | [link](https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zebra | | | | Unknown | [link](https://www.zebra.com/us/en/support-downloads/lifeguard-security/cve-2021-442280-dubbed-log4shell-or-logjam-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Zeiss | Cataract Suite | | 1.3.1 | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zeiss | EQ Workplace | | 1.6, 1.8 | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zeiss | FORUM | | 4.2.x | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zeiss | Glaucoma Workplace | | 3.5.x | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zeiss | Laser Treatment Workplace | | 1.x | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zeiss | Retina Workplace | | 2.5.x, 2.6.x | Fixed | [link](https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html) | Patch is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | | Zendesk | All Products | All Versions | | Affected | [link](https://support.zendesk.com/hc/en-us/articles/4413583476122) | Zendesk products are all cloud-based; thus there are no updates for the customers to install as the company is working on patching their infrastructure and systems. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | | Zenoss | | | | Unknown | [link](https://support.zenoss.com/hc/en-us) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zentera Systems, Inc. | CoIP Access Platform | | | Not Affected | [link](https://support.zentera.net/hc/en-us/articles/4416227743511--CVE-2021-44228-Log4Shell-Vulnerability-in-Apache-Log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Zerto | | | | Unknown | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Zerto | Cloud Appliance | | | Not Affected | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zerto | Cloud Manager | | | Not Affected | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zerto | Virtual Manager | | | Not Affected | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zerto | Virtual Replication Appliance | | | Not Affected | [link](https://help.zerto.com/kb/000004822) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | | Zesty | | | | Unknown | [link](https://www.zesty.io/mindshare/company-announcements/log4j-exploit/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zimbra | | | | Unknown | [link](https://bugzilla.zimbra.com/show_bug.cgi?id=109428) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zix | | | | Unknown | [link](https://status.appriver.com/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Zoom | | | | Unknown | [link](https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Zoho | Online | | | Unknown | [link](https://help.zoho.com/portal/en/community/topic/update-on-the-recent-apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-02-01 | +| Zoom | | | | Not Affected | [link](https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ZPE systems Inc | | | | Unknown | [link](https://support.zpesystems.com/portal/en/kb/articles/is-nodegrid-os-and-zpe-cloud-affected-by-cve-2021-44228-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zscaler | See Link (Multiple Products) | | | Unknown | [link](https://trust.zscaler.com/posts/9581) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Zyxel | | | | Unknown | [link](https://www.zyxel.com/support/Zyxel_security_advisory_for_Apache_Log4j_RCE_vulnerability.shtml) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Zyxel | All other products | | | Not Affected | [link](https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Zyxel | Netlas Element Management System (EMS) | | | Affected | [link](https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability) | Hotfix availibility Dec. 20 2021. Patch availability in end of Feb. 2022. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Zyxel | Security Firewall/Gateways | | | Not Affected | [link](https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | diff --git a/data/cisagov.yml b/data/cisagov.yml index fec6c78..db38138 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -88339,6 +88339,192 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Zeiss + product: Cataract Suite + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.3.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: EQ Workplace + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.6, 1.8 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: FORUM + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 4.2.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: Glaucoma Workplace + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 3.5.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: Laser Treatment Workplace + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zeiss + product: Retina Workplace + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2.5.x, 2.6.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.zeiss.com/meditec/int/cybersecurity/apache-log4j/english.html + notes: Patch is available. + references: + - '' + last_updated: '2021-02-01T00:00:00' - vendor: Zendesk product: All Products cves: @@ -88431,34 +88617,137 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Zerto - product: '' + product: Cloud Appliance cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://help.zerto.com/kb/000004822 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-02-01T00:00:00' + - vendor: Zerto + product: Cloud Manager + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zerto.com/kb/000004822 + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zerto + product: Virtual Manager + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zerto.com/kb/000004822 + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zerto + product: Virtual Replication Appliance + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zerto.com/kb/000004822 + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' - vendor: Zesty product: '' cves: @@ -88546,29 +88835,66 @@ software: references: - '' last_updated: '2021-12-16T00:00:00' - - vendor: Zoom - product: '' + - vendor: Zoho + product: Online cves: cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://help.zoho.com/portal/en/community/topic/update-on-the-recent-apache-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2021-02-01T00:00:00' + - vendor: Zoom + product: '' + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' vendor_links: - https://explore.zoom.us/en/trust/security/security-bulletin/security-bulletin-log4j/?=nocache notes: '' @@ -88663,13 +88989,80 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Zyxel - product: Security Firewall/Gateways + product: All other products cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Zyxel + product: Netlas Element Management System (EMS) + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability + notes: Hotfix availibility Dec. 20 2021. Patch availability in end of Feb. 2022. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Zyxel + product: Security Firewall/Gateways + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] @@ -88678,15 +89071,17 @@ software: - ZLD Firmware Security Services - Nebula cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://community.zyxel.com/en/discussion/12229/zyxel-security-advisory-for-apache-log4j-rce-vulnerability notes: '' diff --git a/data/cisagov_Z.yml b/data/cisagov_Z.yml index 0b56595..9cc36a6 100644 --- a/data/cisagov_Z.yml +++ b/data/cisagov_Z.yml @@ -133,7 +133,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.3.1' + - 1.3.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -164,7 +164,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.6, 1.8' + - 1.6, 1.8 unaffected_versions: [] cve-2021-45046: investigated: false @@ -195,7 +195,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '4.2.x' + - 4.2.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -226,7 +226,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '3.5.x' + - 3.5.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -257,7 +257,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.x' + - 1.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -288,7 +288,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '2.5.x, 2.6.x' + - 2.5.x, 2.6.x unaffected_versions: [] cve-2021-45046: investigated: false From 3bdde3eac3d49e7c280bca9297a847e405e251a5 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 10:41:22 -0500 Subject: [PATCH 078/268] Update Daktronics entries --- data/cisagov_D.yml | 36 ++++++++++++++++++------------------ 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index f8738da..3b9a85c 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -74,7 +74,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - DWP-1000 + - 'DWP-1000' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -89,8 +89,8 @@ software: unaffected_versions: [] vendor_links: - https://www.daktronics.com/en-us/support/kb/000025337 - notes: 'DWP-1000: Not present in our codebase, but awaiting confirmation from - LG re: webOS platform.' + notes: DWP-1000 is not present in our codebase, but awaiting confirmation from + LG re webOS platform. references: - '' last_updated: '2022-01-06T00:00:00' @@ -166,7 +166,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - P10 + - 'P10' cve-2021-45046: investigated: false affected_versions: [] @@ -196,13 +196,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - AMP-R200 - - AMP-R400 - - AMP-R800 - - AMP-SM100 - - AMP-SE100 - - AMP-SM200 - - AMP-SM400 + - 'AMP-R200' + - 'AMP-R400' + - 'AMP-R800' + - 'AMP-SM100' + - 'AMP-SE100' + - 'AMP-SM200' + - 'AMP-SM400' cve-2021-45046: investigated: false affected_versions: [] @@ -244,8 +244,8 @@ software: unaffected_versions: [] vendor_links: - https://www.daktronics.com/en-us/support/kb/000025337 - notes: 'DMS Web Player: Not present in our codebase, but awaiting confirmation - from LG re: webOS platform.' + notes: DMS Web Player not present in our codebase, but awaiting confirmation + from LG re webOS platform. references: - '' last_updated: '2022-01-06T00:00:00' @@ -262,7 +262,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - A-3257 + - 'A-3257' - '3256' - '2270' - '2269' @@ -296,7 +296,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - A-3189335 + - 'A-3189335' - '3128' - '3416' - '3418' @@ -332,7 +332,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - A-4036028 + - 'A-4036028' cve-2021-45046: investigated: false affected_versions: [] @@ -362,7 +362,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - A-3665 + - 'A-3665' cve-2021-45046: investigated: false affected_versions: [] @@ -390,7 +390,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - A-3350704 + - 'A-3350704' fixed_versions: [] unaffected_versions: [] cve-2021-45046: From a4200ad0c4bb178887442acb86fc4e3daef394cf Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 10:44:33 -0500 Subject: [PATCH 079/268] Remove whitespace --- data/cisagov_B.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index d2ddc7f..6013fc4 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -1127,7 +1127,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter product: DxH 900, 690T, SMS II (Hematology) cves: From 768dc4061d1486665ba23823a78ed90ce8ef9f39 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 11:37:14 -0500 Subject: [PATCH 080/268] Sort and separate products --- data/cisagov_B.yml | 1299 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 1263 insertions(+), 36 deletions(-) diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index 6013fc4..311f50c 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -766,7 +766,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Beckman Coulter - product: Access 2, Unicel DxI 600, Unicel DxI 800 (Immunoassay Systems) + product: Access 2 (Immunoassay System) cves: cve-2021-4104: investigated: false @@ -796,7 +796,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: DxC700AU, AU480, AU640, AU680, AU 2700, AU5400, AU5800, AU5800 (Chemistry Systems) + product: Ac•T Family (Hematology) cves: cve-2021-4104: investigated: false @@ -826,7 +826,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: Unicel DxC 600, Unicel DxC 800 (Chemistry Systems) + product: Ac•T 5diff (Hematology) cves: cve-2021-4104: investigated: false @@ -856,7 +856,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: PK7300, PK7400 (Blood Bank) + product: AU480 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -886,7 +886,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: PROService, RAP Box (Information Systems) + product: AU640 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -915,6 +915,726 @@ software: references: - '' last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU680 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU2700 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU5400 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU5800 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 1200 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 1250 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 2500 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 2550 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxA 5000 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxA 5000 Fit (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 500 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 520 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 560 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 600 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 800 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH SMS (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 900 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 690T (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH SMS II (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM Autoplak (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM WalkAway 1040 (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM WalkAway 1096 (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Command Central (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'All' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Customers can follow instructions to remove log4j + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Insights (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Patch has been applied. + references: + - '' + last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter product: DxONE Inventory Manager (Information Systems) cves: @@ -946,7 +1666,277 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: DxONE Insights (Information Systems) + product: DxONE Workflow Manager (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxU Workcell (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxUc (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxUm (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HighFlexX Software (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HmX (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HmX AL (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iChemVELOCITY (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: IMMAGE 800 (Nephelometry) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Intelligent Sample Banking ISB (Lab Automation) cves: cve-2021-4104: investigated: false @@ -955,11 +1945,40 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: [] + unaffected_versions: - 'All' - fixed_versions: - - 'Patch' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ipaw (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -972,12 +1991,12 @@ software: unaffected_versions: [] vendor_links: - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: Patch has been applied + notes: '' references: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: REMISOL ADVANCE (Information Systems) + product: iQ200 (Urinalysis) cves: cve-2021-4104: investigated: false @@ -1007,7 +2026,67 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: DxONE Command Central (Information Systems) + product: iQ Workcell (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iRICELL (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LabPro Workstation and Database Computers Provided by Beckman Coulter (Microbiology) cves: cve-2021-4104: investigated: false @@ -1018,8 +2097,36 @@ software: investigated: true affected_versions: - 'All' - fixed_versions: - - 'Workaround' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: The only known instance of vulnerability due to Log4J is using Axeda services + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH 500 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] unaffected_versions: - 'All' cve-2021-45046: @@ -1034,12 +2141,12 @@ software: unaffected_versions: [] vendor_links: - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: Customers can follow instructions to remove log4j + notes: '' references: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: DxONE Workflow Manager (Information Systems) + product: LH750 (Hematology) cves: cve-2021-4104: investigated: false @@ -1069,7 +2176,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: DxH 500/520/560 (Hematology) + product: LH780 (Hematology) cves: cve-2021-4104: investigated: false @@ -1099,7 +2206,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: DxH 600, 800, SMS (Hematology) + product: LH785 (Hematology) cves: cve-2021-4104: investigated: false @@ -1129,7 +2236,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: DxH 900, 690T, SMS II (Hematology) + product: LH Slidemaker (Hematology) cves: cve-2021-4104: investigated: false @@ -1159,7 +2266,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: HmX, HmX AL (Hematology) + product: LH Slidestraine (Hematology) cves: cve-2021-4104: investigated: false @@ -1189,7 +2296,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: LH 500, LH750, LH780, LH785, LH Slidemaker, LH Slidestraine (Hematology) + product: MicroScan autoSCAN-4 (Microbiology) cves: cve-2021-4104: investigated: false @@ -1219,7 +2326,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: Ac•T Family, Ac•T 5diff (Hematology) + product: PK7300 (Blood Bank) cves: cve-2021-4104: investigated: false @@ -1249,7 +2356,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: iRICELL, iQ Workcell, iChemVELOCITY, iQ200 (Urinalysis) + product: PK7400 (Blood Bank) cves: cve-2021-4104: investigated: false @@ -1279,7 +2386,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: DxUm, DxUc, DxU Workcell (Urinalysis) + product: Power Express (Lab Automation) cves: cve-2021-4104: investigated: false @@ -1309,7 +2416,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: Power Express, Power Processor, Power Link (Lab Automation) + product: Power Link (Lab Automation) cves: cve-2021-4104: investigated: false @@ -1339,7 +2446,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: AutoMate 1200, 1250, 2500, 2550 (Lab Automation) + product: Power Processor (Lab Automation) cves: cve-2021-4104: investigated: false @@ -1369,7 +2476,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: DxA 5000, DxA 5000 Fit (Lab Automation) + product: PROService (Information Systems) cves: cve-2021-4104: investigated: false @@ -1399,7 +2506,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: Ipaw, Intelligent Sample Banking ISB, Sorting Drive (Lab Automation) + product: RAP Box (Information Systems) cves: cve-2021-4104: investigated: false @@ -1429,7 +2536,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: LabPro Workstation and Database Computers Provided by Beckman Coulter (Microbiology) + product: REMISOL ADVANCE (Information Systems) cves: cve-2021-4104: investigated: false @@ -1438,10 +2545,40 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: [] + unaffected_versions: - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Sorting Drive (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -1454,12 +2591,12 @@ software: unaffected_versions: [] vendor_links: - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: The only known instance of vulnerability due to Log4J is using Axeda services + notes: '' references: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: MicroScan autoSCAN-4 (Microbiology) + product: Unicel DxC 600 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -1489,7 +2626,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: HighFlexX Software (Microbiology) + product: Unicel DxC 800 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -1519,7 +2656,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: WalkAway 40 SI, WalkAway 96 SI, WalkAway 40 plus, WalkAway 96 plus (Microbiology) + product: Unicel DxI 600 (Immunoassay System) cves: cve-2021-4104: investigated: false @@ -1549,7 +2686,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: DxM WalkAway 1040, DxM WalkAway 1096, DxM Autoplak (Microbiology) + product: Unicel DxI 800 (Immunoassay System) cves: cve-2021-4104: investigated: false @@ -1579,7 +2716,97 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: IMMAGE 800 (Nephelometry) + product: WalkAway 40 plus (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 40 SI (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 96 plus (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 96 SI (Microbiology) cves: cve-2021-4104: investigated: false From 87863c903d5689d9ea40d8d497a343d6913cfa93 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Tue, 1 Feb 2022 16:41:25 +0000 Subject: [PATCH 081/268] Update the software list --- SOFTWARE-LIST.md | 82 +- data/cisagov.yml | 2088 +++++++++++++++++++++++++++++++++++++++++++- data/cisagov_B.yml | 187 ++-- 3 files changed, 2237 insertions(+), 120 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index e002271..88658c9 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -202,12 +202,12 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Barco | | | | Unknown | [link](https://www.barco.com/en/support/knowledge-base/kb12495) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Barracuda | | | | Unknown | [link](https://www.barracuda.com/company/legal/trust-center) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Baxter | | | | Unknown | [link](https://www.baxter.com/sites/g/files/ebysai746/files/2021-12/Apache_Log4j_Vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | APEX® Compounder | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | Outlook® Safety Infusion System Pump family | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | Pinnacle® Compounder | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | Pump, SpaceStation, and Space® Wireless Battery) | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® Space® Infusion | | | Unknown | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BBraun | APEX® Compounder | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software | | All | Fixed | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | Outlook® Safety Infusion System Pump family | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | Pinnacle® Compounder | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | Pump, SpaceStation, and Space® Wireless Battery) | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® Space® Infusion | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | | BD | Arctic Sun™ Analytics | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | BD | BD Diabetes Care App Cloud | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | BD | BD HealthSight™ Clinical Advisor | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | @@ -221,7 +221,75 @@ NOTE: This file is automatically generated. To submit updates, please refer to | BD | BD Knowledge Portal for Medication Technologies | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | BD | BD Synapsys™ Informatics Solution | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | BD | BD Veritor™ COVID At Home Solution Cloud | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Beckman Coulter | | | | Unknown | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Beckman Coulter | Access 2 (Immunoassay System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Ac•T 5diff (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Ac•T Family (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU2700 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU480 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU5400 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU5800 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU640 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AU680 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AutoMate 1200 (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AutoMate 1250 (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AutoMate 2500 (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | AutoMate 2550 (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxA 5000 (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxA 5000 Fit (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 500 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 520 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 560 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 600 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 690T (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 800 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH 900 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH SMS (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxH SMS II (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxM Autoplak (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxM WalkAway 1040 (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxM WalkAway 1096 (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxONE Command Central (Information Systems) | | All | Fixed | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | Customers can follow instructions to remove log4j | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxONE Insights (Information Systems) | | | Fixed | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | Patch has been applied. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxONE Inventory Manager (Information Systems) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxONE Workflow Manager (Information Systems) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxU Workcell (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxUc (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | DxUm (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | HighFlexX Software (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | HmX (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | HmX AL (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | iChemVELOCITY (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | IMMAGE 800 (Nephelometry) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Intelligent Sample Banking ISB (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Ipaw (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | iQ Workcell (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | iQ200 (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | iRICELL (Urinalysis) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LabPro Workstation and Database Computers Provided by Beckman Coulter (Microbiology) | All | | Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | The only known instance of vulnerability due to Log4J is using Axeda services | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH 500 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH Slidemaker (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH Slidestraine (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH750 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH780 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | LH785 (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | MicroScan autoSCAN-4 (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | PK7300 (Blood Bank) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | PK7400 (Blood Bank) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Power Express (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Power Link (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Power Processor (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | PROService (Information Systems) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | RAP Box (Information Systems) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | REMISOL ADVANCE (Information Systems) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Sorting Drive (Lab Automation) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Unicel DxC 600 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Unicel DxC 800 (Chemistry System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Unicel DxI 600 (Immunoassay System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | Unicel DxI 800 (Immunoassay System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | WalkAway 40 plus (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | WalkAway 40 SI (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | WalkAway 96 plus (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| Beckman Coulter | WalkAway 96 SI (Microbiology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | | Beijer Electronics | acirro+ | | | Unknown | [link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Beijer Electronics | BFI frequency inverters | | | Unknown | [link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Beijer Electronics | BSD servo drives | | | Unknown | [link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | diff --git a/data/cisagov.yml b/data/cisagov.yml index db38138..f5148b9 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -5446,10 +5446,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5465,7 +5466,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software cves: @@ -5475,9 +5476,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -5494,7 +5496,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: Outlook® Safety Infusion System Pump family cves: @@ -5504,10 +5506,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5523,7 +5526,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: Pinnacle® Compounder cves: @@ -5533,10 +5536,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5552,7 +5556,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: Pump, SpaceStation, and Space® Wireless Battery) cves: @@ -5562,10 +5566,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5581,7 +5586,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BBraun product: Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® Space® Infusion @@ -5592,10 +5597,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5611,7 +5617,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' - vendor: BD product: Arctic Sun™ Analytics cves: @@ -5990,7 +5996,37 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: Beckman Coulter - product: '' + product: Access 2 (Immunoassay System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ac•T 5diff (Hematology) cves: cve-2021-4104: investigated: false @@ -5998,10 +6034,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ac•T Family (Hematology) + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6017,7 +6084,1988 @@ software: notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU2700 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU480 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU5400 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU5800 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU640 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU680 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 1200 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 1250 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 2500 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 2550 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxA 5000 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxA 5000 Fit (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 500 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 520 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 560 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 600 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 690T (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 800 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 900 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH SMS (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH SMS II (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM Autoplak (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM WalkAway 1040 (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM WalkAway 1096 (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Command Central (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Customers can follow instructions to remove log4j + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Insights (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Patch has been applied. + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Inventory Manager (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Workflow Manager (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxU Workcell (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxUc (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxUm (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HighFlexX Software (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HmX (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HmX AL (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iChemVELOCITY (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: IMMAGE 800 (Nephelometry) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Intelligent Sample Banking ISB (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ipaw (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iQ Workcell (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iQ200 (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iRICELL (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LabPro Workstation and Database Computers Provided by Beckman Coulter + (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: The only known instance of vulnerability due to Log4J is using Axeda services + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH 500 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH Slidemaker (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH Slidestraine (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH750 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH780 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH785 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: MicroScan autoSCAN-4 (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PK7300 (Blood Bank) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PK7400 (Blood Bank) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Express (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Link (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Processor (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PROService (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: RAP Box (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: REMISOL ADVANCE (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Sorting Drive (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxC 600 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxC 800 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxI 600 (Immunoassay System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxI 800 (Immunoassay System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 40 plus (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 40 SI (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 96 plus (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 96 SI (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' - vendor: Beijer Electronics product: acirro+ cves: diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index 311f50c..8368b2e 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -220,7 +220,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -249,7 +249,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -280,7 +280,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -310,7 +310,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -340,7 +340,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -371,7 +371,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -778,7 +778,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -796,7 +796,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: Ac•T Family (Hematology) + product: Ac•T 5diff (Hematology) cves: cve-2021-4104: investigated: false @@ -808,7 +808,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -826,7 +826,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: Ac•T 5diff (Hematology) + product: Ac•T Family (Hematology) cves: cve-2021-4104: investigated: false @@ -838,7 +838,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -856,7 +856,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: AU480 (Chemistry System) + product: AU2700 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -868,7 +868,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -886,7 +886,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: AU640 (Chemistry System) + product: AU480 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -898,7 +898,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -916,7 +916,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: AU680 (Chemistry System) + product: AU5400 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -928,7 +928,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -946,7 +946,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: AU2700 (Chemistry System) + product: AU5800 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -958,7 +958,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -976,7 +976,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: AU5400 (Chemistry System) + product: AU640 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -988,7 +988,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1006,7 +1006,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: AU5800 (Chemistry System) + product: AU680 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -1018,7 +1018,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1048,7 +1048,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1078,7 +1078,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1108,7 +1108,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1138,7 +1138,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1168,7 +1168,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1198,7 +1198,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1228,7 +1228,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1258,7 +1258,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1288,7 +1288,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1318,7 +1318,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1336,7 +1336,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: DxH 800 (Hematology) + product: DxH 690T (Hematology) cves: cve-2021-4104: investigated: false @@ -1348,7 +1348,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1366,7 +1366,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: DxH SMS (Hematology) + product: DxH 800 (Hematology) cves: cve-2021-4104: investigated: false @@ -1378,7 +1378,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1408,7 +1408,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1426,7 +1426,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: DxH 690T (Hematology) + product: DxH SMS (Hematology) cves: cve-2021-4104: investigated: false @@ -1438,7 +1438,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1468,7 +1468,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1498,7 +1498,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1528,7 +1528,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1558,7 +1558,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1587,7 +1587,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -1648,7 +1648,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1678,7 +1678,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1708,7 +1708,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1738,7 +1738,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1768,7 +1768,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1798,7 +1798,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1828,7 +1828,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1858,7 +1858,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1888,7 +1888,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1918,7 +1918,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1948,7 +1948,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1978,7 +1978,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1996,7 +1996,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: iQ200 (Urinalysis) + product: iQ Workcell (Urinalysis) cves: cve-2021-4104: investigated: false @@ -2008,7 +2008,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2026,7 +2026,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: iQ Workcell (Urinalysis) + product: iQ200 (Urinalysis) cves: cve-2021-4104: investigated: false @@ -2038,7 +2038,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2068,7 +2068,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2086,7 +2086,8 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: LabPro Workstation and Database Computers Provided by Beckman Coulter (Microbiology) + product: LabPro Workstation and Database Computers Provided by Beckman Coulter + (Microbiology) cves: cve-2021-4104: investigated: false @@ -2096,7 +2097,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'All' + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2128,7 +2129,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2146,7 +2147,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: LH750 (Hematology) + product: LH Slidemaker (Hematology) cves: cve-2021-4104: investigated: false @@ -2158,7 +2159,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2176,7 +2177,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: LH780 (Hematology) + product: LH Slidestraine (Hematology) cves: cve-2021-4104: investigated: false @@ -2188,7 +2189,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2206,7 +2207,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: LH785 (Hematology) + product: LH750 (Hematology) cves: cve-2021-4104: investigated: false @@ -2218,7 +2219,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2236,7 +2237,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: LH Slidemaker (Hematology) + product: LH780 (Hematology) cves: cve-2021-4104: investigated: false @@ -2248,7 +2249,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2266,7 +2267,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: Beckman Coulter - product: LH Slidestraine (Hematology) + product: LH785 (Hematology) cves: cve-2021-4104: investigated: false @@ -2278,7 +2279,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2308,7 +2309,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2338,7 +2339,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2368,7 +2369,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2398,7 +2399,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2428,7 +2429,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2458,7 +2459,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2488,7 +2489,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2518,7 +2519,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2548,7 +2549,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2578,7 +2579,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2608,7 +2609,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2638,7 +2639,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2668,7 +2669,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2698,7 +2699,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2728,7 +2729,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2758,7 +2759,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2788,7 +2789,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2818,7 +2819,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] From 5e5fee897e66584847474963f25bb47d8c297909 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 13:12:12 -0500 Subject: [PATCH 082/268] Update Darktrace entry --- data/cisagov_D.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 3b9a85c..3d4ba8e 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -588,7 +588,7 @@ software: - '' last_updated: '2022-01-06T00:00:00' - vendor: DarkTrace - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -612,7 +612,7 @@ software: unaffected_versions: [] vendor_links: - https://customerportal.darktrace.com/inside-the-soc/get-article/201 - notes: '' + notes: This advisory is available to customer only and has not been reviewed by CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' From a509271b8aa3dcc368933e154fb91db40ec743a0 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 13:15:18 -0500 Subject: [PATCH 083/268] Update Dassualt & Databricks --- data/cisagov_D.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 3d4ba8e..4c3f8f2 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -617,7 +617,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dassault Systèmes - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -641,12 +641,12 @@ software: unaffected_versions: [] vendor_links: - https://kb.dsxclient.3ds.com/mashup-ui/page/resultqa?id=QA00000102301e - notes: '' + notes: This advisory is available to customer only and has not been reviewed by CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Databricks - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -675,10 +675,10 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Datadog - product: Datadog Agent + product: Agent cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -687,9 +687,9 @@ software: affected_versions: [] fixed_versions: - '>=6.17.0' - - <=6.32.2 + - '<=6.32.2' - '>=7.17.0' - - <=7.32.2 + - '<=7.32.2' unaffected_versions: [] cve-2021-45046: investigated: false From f89db346a6fc52f43d2e303f06c17e324c7265bf Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 13:24:17 -0500 Subject: [PATCH 084/268] Add Datadog entries --- data/cisagov_D.yml | 69 ++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 66 insertions(+), 3 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 4c3f8f2..29c18a3 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -675,13 +675,14 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Datadog - product: Agent + product: Datadog Agent cves: cve-2021-4104: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] @@ -703,7 +704,69 @@ software: unaffected_versions: [] vendor_links: - https://www.datadoghq.com/log4j-vulnerability/ - notes: '' + notes: JMX monitoring component leverages an impacted version of log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Datadog + product: datadog-kafka-connect-logs + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '< 1.0.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.datadoghq.com/log4j-vulnerability/ + notes: Version 1.0.2 of the library uses version 2.16.0 of Log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Datadog + product: datadog-lambda-java + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '< 1.0.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.datadoghq.com/log4j-vulnerability/ + notes: Following AWS recommendation, library updated using the latest version of amazon-lambda-java-log4j2 (1.4.0). references: - '' last_updated: '2022-01-12T07:18:50+00:00' From cbd9ed7fe22cba5a9f1e2c89b2c7ec28b14ce4fe Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 13:34:54 -0500 Subject: [PATCH 085/268] Add DBeaver, small edits --- data/cisagov_D.yml | 39 ++++++++++++++++++++++++++++++++++++--- 1 file changed, 36 insertions(+), 3 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 29c18a3..eb5f5af 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -771,7 +771,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dataminer - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -829,7 +829,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Datto - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -857,8 +857,41 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: DBeaver + product: All + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dcache.org/post/log4j-vulnerability/ + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: dCache.org - product: '' + product: All cves: cve-2021-4104: investigated: false From fda6ce74fd36ed80cee4633764bc11ce5af14d39 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 13:38:08 -0500 Subject: [PATCH 086/268] Add Debian products --- data/cisagov_D.yml | 37 +++++++++++++++++++++++++++++++++++-- 1 file changed, 35 insertions(+), 2 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index eb5f5af..386a6b0 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -920,18 +920,51 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Debian - product: '' + product: Apache-log4j.1.2 cves: cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - stretch, buster, bullseye + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - stretch, buster, bullseye + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://security-tracker.debian.org/tracker/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Debian + product: Apache-log4j2 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - stretch, buster, bullseye + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - stretch, buster, bullseye cve-2021-45046: investigated: false affected_versions: [] From ccc0e36e0e159fffad003a0afa302ff2cf630e18 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 13:42:22 -0500 Subject: [PATCH 087/268] remove trailing whitespace, Datadog --- data/cisagov_D.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 386a6b0..9834dd3 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -766,7 +766,7 @@ software: unaffected_versions: [] vendor_links: - https://www.datadoghq.com/log4j-vulnerability/ - notes: Following AWS recommendation, library updated using the latest version of amazon-lambda-java-log4j2 (1.4.0). + notes: Following AWS recommendation, library updated using the latest version of amazon-lambda-java-log4j2 (1.4.0). references: - '' last_updated: '2022-01-12T07:18:50+00:00' From 66c8be9a318b29ebe79dffb14ae2e66ee12b83c7 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 13:52:44 -0500 Subject: [PATCH 088/268] Add Decos products --- data/cisagov_D.yml | 227 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 227 insertions(+) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 9834dd3..13e8e18 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -981,6 +981,233 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Decos + product: Cloud + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + vendor_links: + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: EvenementenAssistent + InkomensAssistent + Leerlingenvervoer + AIM online + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + vendor_links: + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: Fixi + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + vendor_links: + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: Integrations (StUF/ZGW/Doclogic-DataIntegrator) + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + vendor_links: + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: JOIN Klant Contact + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + vendor_links: + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: JOIN Zaak &I Document (on-premise) + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'All' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: The solution contains Elasticsearch (vulnerable). Mitigating actions available on our WIKI. + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: JOIN Zaak &I Document (on-premise) + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'All' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: The SaaS hosted solution contains Logstash + Elasticsearch (vulnerable). Mitigating actions taken. + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' - vendor: Deepinstinct product: '' cves: From 8f52bdb4d26db77eb79f90cbe9cfc001d12cb3b7 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 14:13:46 -0500 Subject: [PATCH 089/268] Update/add Dell products through Avamar vproxy --- data/cisagov_D.yml | 201 +++++++++++++++++++-------------------------- 1 file changed, 83 insertions(+), 118 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 13e8e18..754078e 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -1209,7 +1209,7 @@ software: - '' last_updated: '2022-02-01T07:18:50+00:00' - vendor: Deepinstinct - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1238,89 +1238,32 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dell - product: '"Dell EMC PowerMax VMAX VMAX3 and VMAX AFA"' + product: Alienware Command Center cves: cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: '"Dell EMC PowerSwitch Z9264F-ON BMC Dell EMC PowerSwitch Z9432F-ON BMC"' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Alienware Command Center - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1331,26 +1274,29 @@ software: product: Alienware OC Controls cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1361,26 +1307,29 @@ software: product: Alienware On Screen Display cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1391,26 +1340,29 @@ software: product: Alienware Update cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1421,29 +1373,32 @@ software: product: APEX Console cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - - N/A + - '' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patched + notes: Cloud environment patched. references: - '' last_updated: '2021-12-15T00:00:00' @@ -1451,28 +1406,32 @@ software: product: APEX Data Storage Services cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patch in progress + notes: Cloud environment patch in progress. references: - '' last_updated: '2021-12-15T00:00:00' @@ -1480,26 +1439,29 @@ software: product: Atmos cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1507,29 +1469,32 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Azure Stack HCI + product: Avamar vproxy cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' From 84754ab03e06700775d13152db4291a0c3d6ebce Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 14:29:49 -0500 Subject: [PATCH 090/268] Update/Add Dell products, through Cloud --- data/cisagov_D.yml | 224 ++++++++++++++++++++++++++++++++------------- 1 file changed, 159 insertions(+), 65 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 754078e..739fcf6 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -1505,26 +1505,29 @@ software: product: CalMAN Powered Calibration Firmware cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1535,26 +1538,29 @@ software: product: CalMAN Ready for Dell cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1565,26 +1571,29 @@ software: product: Centera cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1595,26 +1604,29 @@ software: product: Chameleon Linux Based Diagnostics cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1625,26 +1637,29 @@ software: product: Chassis Management Controller (CMC) cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1655,26 +1670,29 @@ software: product: China HDD Deluxe cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1685,28 +1703,32 @@ software: product: Cloud IQ cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patched + notes: Cloud environment patched. references: - '' last_updated: '2021-12-15T00:00:00' @@ -1714,26 +1736,29 @@ software: product: Cloud Mobility for Dell EMC Storage cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1744,26 +1769,95 @@ software: product: Cloud Tiering Appliance cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: CloudIQ Collector + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Common Event Enabler + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' From b7bacc95e446e0fc6671f1db3413c6a1d862fad7 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 14:33:56 -0500 Subject: [PATCH 091/268] Fix indent issue --- data/cisagov_D.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 739fcf6..f08f4ee 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -1521,13 +1521,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - '' cve-2021-45105: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' From b73968802b10dacf46fe9aded68cf93780ab4ce6 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 15:47:55 -0500 Subject: [PATCH 092/268] Update/Add Dell products through Data Domain --- data/cisagov_D.yml | 62 +++++++++++++++++++++++++--------------------- 1 file changed, 34 insertions(+), 28 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index f08f4ee..9100be3 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -1868,26 +1868,29 @@ software: product: Connectrix (Cisco MDS 9000 switches) cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -1898,36 +1901,39 @@ software: product: Connectrix (Cisco MDS DCNM) cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: [] + affected_versions: + 'Versions prior to 11.5(1x)' fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: Patch expected by 12/23/21. references: - - '' + - 'https://www.dell.com/support/kbdoc/en-us/000194797/dsa-2021-302-dell-connectrix-mds-dcnm-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Connectrix B-Series SANnav cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -1938,26 +1944,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 3/31/2022 + notes: Patch expected by 2/28/2022. references: - - '' + - 'https://www.dell.com/support/kbdoc/en-us/000194461/dsa-2021-266-dell-emc-connectrix-b-series-sannav-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Connextrix B Series cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -1966,14 +1972,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -1996,7 +2002,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2026,7 +2032,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2054,7 +2060,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Versions between 7.3.0.5 and 7.7.0.6;Versions before 7.6.0.30 + - Versions from 7.3.0.5 to 7.7.0.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2071,7 +2077,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-274 references: - - '' + - 'https://www.dell.com/support/kbdoc/en-us/000194503/dsa-2021-274-dell-emc-data-domain-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell BSAFE Crypto-C Micro Edition From 498fcbbf71e7b13aed05067e55ea63b0bb556ab2 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 16:05:32 -0500 Subject: [PATCH 093/268] Update Dell Products through Dell EMC DCA --- data/cisagov_D.yml | 109 ++++++++++++++++++++++++++++++--------------- 1 file changed, 72 insertions(+), 37 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 9100be3..df05ebd 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -2092,7 +2092,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2122,7 +2122,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2152,7 +2152,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2182,7 +2182,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2212,7 +2212,37 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Client Platforms (Latitude, OptiPlex, Alienware, Inspiron, Precision, XPS, Vostro, ChengMing) BIOS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2242,7 +2272,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2272,7 +2302,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2302,7 +2332,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2332,7 +2362,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2362,7 +2392,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2392,7 +2422,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2422,7 +2452,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2452,7 +2482,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2482,7 +2512,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2512,7 +2542,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2542,7 +2572,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2572,7 +2602,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2602,7 +2632,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2632,7 +2662,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2662,7 +2692,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2692,7 +2722,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2722,7 +2752,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2752,7 +2782,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2782,7 +2812,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2812,7 +2842,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2842,7 +2872,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2900,7 +2930,11 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"18.2 19.1 19.2 19.3 19.4"' + - '18.2' + - '19.1' + - '19.2' + - '19.3' + - '19.4' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2915,9 +2949,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: Patch expected by 12/20/21. references: - - '' + - 'https://www.dell.com/support/kbdoc/en-us/000194480/dsa-2021-277-dell-emc-avamar-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC BSN Controller Node @@ -2930,7 +2964,8 @@ software: cve-2021-44228: investigated: false affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2946,7 +2981,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-305 references: - - '' + - 'https://www.dell.com/support/kbdoc/en-us/000194631/dsa-2021-305-dell-emc-bsn-controller-node-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Cloud Disaster Recovery @@ -2959,7 +2994,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - N/A + - 'Versions from 19.6 and later' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2976,7 +3011,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: Patch pending references: - - '' + - 'https://www.dell.com/support/kbdoc/en-us/000194663/dsa-2021-289-dell-emc-cloud-disaster-recovery-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-and-cve-2021-45046' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Cloudboost @@ -2991,7 +3026,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3021,7 +3056,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3051,7 +3086,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3081,7 +3116,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] From 863158f02584055d45e3dae1773d8ab577ab721d Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 16:13:26 -0500 Subject: [PATCH 094/268] Add YSoft entries --- data/cisagov_Y.yml | 91 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) diff --git a/data/cisagov_Y.yml b/data/cisagov_Y.yml index cc2fe73..ad41e58 100644 --- a/data/cisagov_Y.yml +++ b/data/cisagov_Y.yml @@ -4,6 +4,97 @@ owners: - name: cisagov url: https://github.com/cisagov/log4j-affected-db software: + - vendor: YSoft + product: SAFEQ 4 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: YSoft + product: SAFEQ 5 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: YSoft + product: SAFEQ 6 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '<=6.0.63' + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' - vendor: Yellowbrick product: '' cves: From 8aca06ccc6785d143aa10b9171bdd0aaf4aa51e1 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 16:26:24 -0500 Subject: [PATCH 095/268] Add Yokogawa Products --- data/cisagov_Y.yml | 417 ++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 391 insertions(+), 26 deletions(-) diff --git a/data/cisagov_Y.yml b/data/cisagov_Y.yml index ad41e58..79edfbf 100644 --- a/data/cisagov_Y.yml +++ b/data/cisagov_Y.yml @@ -4,8 +4,159 @@ owners: - name: cisagov url: https://github.com/cisagov/log4j-affected-db software: - - vendor: YSoft - product: SAFEQ 4 + - vendor: Yahoo + product: Vespa + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://blog.vespa.ai/log4j-vulnerability/ + notes: Your Vespa application may still be affected if log4j is included in your application package. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Yellowbrick + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.yellowbrick.com/hc/en-us/articles/4412586575379-Security-Advisory-Yellowbrick-is-NOT-Affected-by-the-Log4Shell-Vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: YellowFin + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '8.0.10.3, 9.7.0.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2 + notes: v7 and v6 releases are not affected unless you have manually upgraded to Log4j2. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Yenlo + product: Connext + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '2.x' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yenlo.com/news/vulnerability-code-log4shell-log4j2/ + notes: Connext Platform (Managed WSO2 Cloud) and all underlying middleware components are not vulnerable. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: YOKOGAWA + product: CENTUM VP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: CENTUM VP (other components) cves: cve-2021-4104: investigated: false @@ -29,13 +180,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier is still under investigation. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: CI Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' - last_updated: '2022-02-01T07:18:50+00:00' - - vendor: YSoft - product: SAFEQ 5 + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: Exaopc cves: cve-2021-4104: investigated: false @@ -59,13 +240,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' - last_updated: '2022-02-01T07:18:50+00:00' - - vendor: YSoft - product: SAFEQ 6 + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: Exaplog cves: cve-2021-4104: investigated: false @@ -75,8 +256,7 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '<=6.0.63' + fixed_versions: [] unaffected_versions: - '' cve-2021-45046: @@ -90,13 +270,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' - last_updated: '2022-02-01T07:18:50+00:00' - - vendor: Yellowbrick - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: Exaquantum cves: cve-2021-4104: investigated: false @@ -104,10 +284,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: FAST/TOOLS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -119,13 +330,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.yellowbrick.com/hc/en-us/articles/4412586575379-Security-Advisory-Yellowbrick-is-NOT-Affected-by-the-Log4Shell-Vulnerability + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: YellowFin - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: PRM cves: cve-2021-4104: investigated: false @@ -133,10 +344,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: ProSafe-RS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -148,13 +390,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2 + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-22T00:00:00' - vendor: YOKOGAWA - product: '' + product: ProSafe-RS Lite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: STARDOM cves: cve-2021-4104: investigated: false @@ -162,10 +434,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: VTSPortal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -182,8 +485,8 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: YSoft SAFEQ - product: '' + - vendor: YSoft + product: SAFEQ 4 cves: cve-2021-4104: investigated: false @@ -191,10 +494,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: YSoft + product: SAFEQ 5 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -210,5 +544,36 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: YSoft + product: SAFEQ 6 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '<=6.0.63' + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' ... From 27ab8c3cb17d573a35e1251eb539dc1aa1965327 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 16:30:01 -0500 Subject: [PATCH 096/268] Fix trailing whitespace --- data/cisagov_Y.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_Y.yml b/data/cisagov_Y.yml index 79edfbf..ea12dca 100644 --- a/data/cisagov_Y.yml +++ b/data/cisagov_Y.yml @@ -36,7 +36,7 @@ software: notes: Your Vespa application may still be affected if log4j is included in your application package. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Yellowbrick product: '' cves: From c1649674e8e5eb09bfca9d2e60b9f9d9b8dfcbc0 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Tue, 1 Feb 2022 21:35:23 +0000 Subject: [PATCH 097/268] Update the software list --- SOFTWARE-LIST.md | 21 +- data/cisagov.yml | 474 ++++++++++++++++++++++++++++++++++++++++++++- data/cisagov_Y.yml | 18 +- 3 files changed, 496 insertions(+), 17 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 88658c9..c297288 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -3064,10 +3064,25 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Xylem | Water Loss Management (Visenti) | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Xylem | Xylem Cloud | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Xylem | Xylem Edge Gateway (xGW) | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Yahoo | Vespa | | | Not Affected | [link](https://blog.vespa.ai/log4j-vulnerability/) | Your Vespa application may still be affected if log4j is included in your application package. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Yellowbrick | | | | Unknown | [link](https://support.yellowbrick.com/hc/en-us/articles/4412586575379-Security-Advisory-Yellowbrick-is-NOT-Affected-by-the-Log4Shell-Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| YellowFin | | | | Unknown | [link](https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| YOKOGAWA | | | | Unknown | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| YSoft SAFEQ | | | | Unknown | [link](https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| YellowFin | All | | 8.0.10.3, 9.7.0.2 | Fixed | [link](https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2) | v7 and v6 releases are not affected unless you have manually upgraded to Log4j2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Yenlo | Connext | | | Not Affected | [link](https://www.yenlo.com/news/vulnerability-code-log4shell-log4j2/) | Connext Platform (Managed WSO2 Cloud) and all underlying middleware components are not vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| YOKOGAWA | CENTUM VP | | | Unknown | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | CENTUM VP (other components) | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier is still under investigation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | CI Server | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | Exaopc | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | Exaplog | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | Exaquantum | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | FAST/TOOLS | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | PRM | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | ProSafe-RS | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | ProSafe-RS Lite | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | STARDOM | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YOKOGAWA | VTSPortal | | | Not Affected | [link](https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| YSoft | SAFEQ 4 | | | Not Affected | [link](https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| YSoft | SAFEQ 5 | | | Not Affected | [link](https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| YSoft | SAFEQ 6 | | <=6.0.63 | Fixed | [link](https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | | Zabbix | | | | Unknown | [link](https://blog.zabbix.com/zabbix-not-affected-by-the-log4j-exploit/17873/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ZAMMAD | | | | Unknown | [link](https://community.zammad.org/t/cve-2021-44228-elasticsearch-users-be-aware/8256) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Zaproxy | | | | Unknown | [link](https://www.zaproxy.org/blog/2021-12-10-zap-and-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index f5148b9..ae96426 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -90155,6 +90155,40 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' + - vendor: Yahoo + product: Vespa + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://blog.vespa.ai/log4j-vulnerability/ + notes: Your Vespa application may still be affected if log4j is included in your + application package. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Yellowbrick product: '' cves: @@ -90185,7 +90219,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: YellowFin - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -90193,10 +90227,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 8.0.10.3, 9.7.0.2 + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2 + notes: v7 and v6 releases are not affected unless you have manually upgraded to + Log4j2. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Yenlo + product: Connext + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 2.x cve-2021-45046: investigated: false affected_versions: [] @@ -90208,13 +90274,74 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2 - notes: '' + - https://www.yenlo.com/news/vulnerability-code-log4shell-log4j2/ + notes: Connext Platform (Managed WSO2 Cloud) and all underlying middleware components + are not vulnerable. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: YOKOGAWA - product: '' + product: CENTUM VP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: CENTUM VP (other components) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier is + still under investigation. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: CI Server cves: cve-2021-4104: investigated: false @@ -90222,10 +90349,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: Exaopc + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -90242,8 +90400,8 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: YSoft SAFEQ - product: '' + - vendor: YOKOGAWA + product: Exaplog cves: cve-2021-4104: investigated: false @@ -90251,10 +90409,251 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: Exaquantum + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: FAST/TOOLS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: PRM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: ProSafe-RS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: ProSafe-RS Lite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: STARDOM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YOKOGAWA + product: VTSPortal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: YSoft + product: SAFEQ 4 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -90270,7 +90669,68 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: YSoft + product: SAFEQ 5 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: YSoft + product: SAFEQ 6 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - <=6.0.63 + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ysoft.com/getattachment/Products/Security/Standards-Compliance/text/Information-Security-Policy-Statement/YSOFT-SAFEQ-LOG4J-VULNERABILITY-PRODUCT-UPDATE-WORKAROUND-1.pdf + notes: '' + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' - vendor: Zabbix product: '' cves: diff --git a/data/cisagov_Y.yml b/data/cisagov_Y.yml index ea12dca..006fd08 100644 --- a/data/cisagov_Y.yml +++ b/data/cisagov_Y.yml @@ -33,7 +33,8 @@ software: - '' vendor_links: - https://blog.vespa.ai/log4j-vulnerability/ - notes: Your Vespa application may still be affected if log4j is included in your application package. + notes: Your Vespa application may still be affected if log4j is included in your + application package. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -78,7 +79,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '8.0.10.3, 9.7.0.2' + - 8.0.10.3, 9.7.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -92,7 +93,8 @@ software: unaffected_versions: [] vendor_links: - https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2 - notes: v7 and v6 releases are not affected unless you have manually upgraded to Log4j2. + notes: v7 and v6 releases are not affected unless you have manually upgraded to + Log4j2. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -109,7 +111,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '2.x' + - 2.x cve-2021-45046: investigated: false affected_versions: [] @@ -122,7 +124,8 @@ software: unaffected_versions: [] vendor_links: - https://www.yenlo.com/news/vulnerability-code-log4shell-log4j2/ - notes: Connext Platform (Managed WSO2 Cloud) and all underlying middleware components are not vulnerable. + notes: Connext Platform (Managed WSO2 Cloud) and all underlying middleware components + are not vulnerable. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -181,7 +184,8 @@ software: unaffected_versions: [] vendor_links: - https://www.yokogawa.com/us/solutions/products-platforms/announcements/important-notice/log4shell/ - notes: Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier is still under investigation. + notes: Unified Gateway Station (UGS2) Standard Function R6.06.00 or earlier is + still under investigation. references: - '' last_updated: '2021-12-22T00:00:00' @@ -557,7 +561,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '<=6.0.63' + - <=6.0.63 unaffected_versions: - '' cve-2021-45046: From e2f22c4620854471129cea0f0016df9fb885a377 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 16:38:36 -0500 Subject: [PATCH 098/268] Update Google Cloud to BigQuery --- data/cisagov_G.yml | 120 +++++++++++++++++++++++++++------------------ 1 file changed, 72 insertions(+), 48 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 88012b6..753ac03 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -693,10 +693,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -723,10 +724,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -755,10 +757,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -785,10 +788,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -815,10 +819,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -845,10 +850,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -878,10 +884,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -908,10 +915,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -938,10 +946,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -968,10 +977,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -998,10 +1008,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1032,10 +1043,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1062,10 +1074,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1092,10 +1105,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1127,10 +1141,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1160,10 +1175,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1193,10 +1209,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1223,10 +1240,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1253,10 +1271,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1283,10 +1302,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1313,10 +1333,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1343,10 +1364,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1373,10 +1395,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1403,10 +1426,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From 14c20608663c9f66655d85bb79c2b8c1425d7d8c Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 1 Feb 2022 16:46:24 -0500 Subject: [PATCH 099/268] Update Google Cloud to CompilerWorks --- data/cisagov_G.yml | 225 +++++++++++++++++++++++++++------------------ 1 file changed, 135 insertions(+), 90 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 753ac03..05a7dfb 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -1457,10 +1457,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1487,10 +1488,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1517,10 +1519,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1548,10 +1551,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1578,10 +1582,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1608,10 +1613,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1638,10 +1644,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1668,10 +1675,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1698,10 +1706,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1731,10 +1740,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1761,10 +1771,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1796,10 +1807,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1826,10 +1838,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1856,10 +1869,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1886,10 +1900,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1916,10 +1931,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1946,10 +1962,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1976,10 +1993,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2006,10 +2024,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2039,10 +2058,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2069,10 +2089,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2099,10 +2120,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2129,10 +2151,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2159,10 +2182,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2189,10 +2213,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2219,10 +2244,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2249,10 +2275,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2279,10 +2306,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2309,10 +2337,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2339,10 +2368,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2372,10 +2402,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2405,10 +2436,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2435,10 +2467,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2465,10 +2498,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2498,10 +2532,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2528,10 +2563,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2558,10 +2594,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2588,10 +2625,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2618,10 +2656,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2648,10 +2687,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2678,10 +2718,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2708,10 +2749,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2738,10 +2780,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2768,10 +2811,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2798,10 +2842,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From 9f992c4144892df7a884dc39d29e88ef3c06f6fd Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 07:59:48 -0500 Subject: [PATCH 100/268] Update Google Cloud through Looker --- data/cisagov_G.yml | 150 +++++++++++++++++++++++++++------------------ 1 file changed, 90 insertions(+), 60 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 05a7dfb..8978cb5 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -2873,10 +2873,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2903,10 +2904,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2935,10 +2937,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2965,10 +2968,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2995,10 +2999,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3025,10 +3030,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3057,10 +3063,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3090,10 +3097,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3120,10 +3128,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3154,10 +3163,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3186,10 +3196,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3219,10 +3230,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3249,10 +3261,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3279,10 +3292,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3309,10 +3323,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3339,10 +3354,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3369,10 +3385,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3399,10 +3416,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3431,10 +3449,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3461,10 +3480,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3491,10 +3511,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3521,10 +3542,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3551,10 +3573,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3581,10 +3604,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3611,10 +3635,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3644,10 +3669,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3674,10 +3700,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3704,10 +3731,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3734,10 +3762,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3764,10 +3793,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From 4ef7442b3c5f42dd2659656f1b346c6633da4b7a Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 08:05:56 -0500 Subject: [PATCH 101/268] Finish Google Cloud product updates --- data/cisagov_G.yml | 150 +++++++++++++++++++++++++++------------------ 1 file changed, 90 insertions(+), 60 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 8978cb5..af20044 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -3831,10 +3831,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3861,10 +3862,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3891,10 +3893,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3921,10 +3924,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3954,10 +3958,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3984,10 +3989,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4014,10 +4020,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4044,10 +4051,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4074,10 +4082,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4104,10 +4113,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4137,10 +4147,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4167,10 +4178,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4197,10 +4209,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4227,10 +4240,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4257,10 +4271,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4287,10 +4302,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4317,10 +4333,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4347,10 +4364,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4377,10 +4395,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4407,10 +4426,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4437,10 +4457,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4467,10 +4488,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4497,10 +4519,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4527,10 +4550,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4557,10 +4581,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4587,10 +4612,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4617,10 +4643,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4647,10 +4674,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4677,10 +4705,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4707,10 +4736,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From e10830cafac4ed3d70687b1815f3935fb56a3d8e Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 08:12:20 -0500 Subject: [PATCH 102/268] Update Gradle & Grafana products --- data/cisagov_G.yml | 32 +++++++++++++++++--------------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index af20044..4c8d896 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -4759,7 +4759,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Gradle - product: Gradle + product: All cves: cve-2021-4104: investigated: false @@ -4767,10 +4767,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4797,9 +4798,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 2021.3.6 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '< 2021.3.6' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4827,9 +4828,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 10.1 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '< 10.1' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4857,9 +4858,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 1.6.2 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '< 1.6.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4878,7 +4879,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grafana - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4886,10 +4887,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From 46331c4c53278fc02a4f3a40f717fa83ad141f09 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 08:25:14 -0500 Subject: [PATCH 103/268] Update GE Gas Power products --- data/cisagov_G.yml | 55 +++++++++++++++++++++++++--------------------- 1 file changed, 30 insertions(+), 25 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 4c8d896..2c86e88 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: GE Digital - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -35,7 +35,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Digital Grid - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -73,9 +73,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -88,8 +89,9 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: GE verifying workaround. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently + deploying the fixes in the production environment. references: - '' last_updated: '2021-12-22T00:00:00' @@ -102,8 +104,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -117,9 +120,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power is still validating the workaroun provided by FoxGuard in Technical Information Notice – M1221-S01. references: - '' last_updated: '2021-12-22T00:00:00' @@ -132,9 +134,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -147,11 +150,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power has tested and validated the component of the BSC 2.0 that is impacted (McAfee SIEM 11.x). + The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not + been reviewed by CISA. references: - - '' + - 'https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420' last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power product: Control Server @@ -162,8 +166,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -177,9 +182,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: The Control Server is Affected via vCenter. There is a fix for vCenter. - Please see below. GE verifying the vCenter fix as proposed by the vendor. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Please see vCenter. Control Server is not directly impacted. It is impacted through vCenter. references: - '' last_updated: '2021-12-22T00:00:00' @@ -192,9 +196,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -207,7 +212,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 references: - '' From f510000b4d8d4e2edc96fc4779409f7b48f963ed Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 08:29:04 -0500 Subject: [PATCH 104/268] Fix whitespace --- data/cisagov_G.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 2c86e88..fb5c3eb 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -91,7 +91,7 @@ software: vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently - deploying the fixes in the production environment. + deploying the fixes in the production environment. references: - '' last_updated: '2021-12-22T00:00:00' @@ -152,7 +152,7 @@ software: vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf notes: GE Gas Power has tested and validated the component of the BSC 2.0 that is impacted (McAfee SIEM 11.x). - The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not + The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not been reviewed by CISA. references: - 'https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420' From 009cb1bf9086ebcbed75f27e9387e33a3ade7b3e Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 08:39:23 -0500 Subject: [PATCH 105/268] Add GE Gas products --- data/cisagov_G.yml | 122 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 122 insertions(+) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index fb5c3eb..c3be111 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -187,6 +187,96 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: MyFleet + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: OPM Performance Intelligence + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: OPM Performance Planning + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + references: + - '' + last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power product: Tag Mapping Service cves: @@ -217,6 +307,38 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: vCenter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power has tested and validated the update provided by Vmware. + The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not + been reviewed by CISA. + references: + - 'https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417' + last_updated: '2021-12-22T00:00:00' - vendor: GE Healthcare product: '' cves: From f25a72682b664eacc73cbd24a38ada41bd227312 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 08:43:46 -0500 Subject: [PATCH 106/268] Add GeoSolutions --- data/cisagov_G.yml | 60 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index c3be111..6fe4869 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -456,6 +456,66 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GeoSolutions + product: Geonetwork + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + 'All' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' + - vendor: GeoSolutions + product: GeoServer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' - vendor: Gerrit code review product: '' cves: From 7397fea09dab23ec5a5733414ec4ae1eb2bb2b98 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 08:49:19 -0500 Subject: [PATCH 107/268] Add GFI Software Kerio, small updates --- data/cisagov_G.yml | 50 ++++++++++++++++++++++++++++++++++++---------- 1 file changed, 40 insertions(+), 10 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 6fe4869..c5746a7 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -340,7 +340,7 @@ software: - 'https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417' last_updated: '2021-12-22T00:00:00' - vendor: GE Healthcare - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -370,7 +370,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Gearset - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -399,7 +399,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Genesys - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -428,7 +428,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: GeoServer - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -457,7 +457,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: GeoSolutions - product: Geonetwork + product: GeoNetwork cves: cve-2021-4104: investigated: false @@ -516,8 +516,8 @@ software: references: - '' last_updated: '2021-12-16T07:18:50+00:00' - - vendor: Gerrit code review - product: '' + - vendor: Gerrit Code Review + product: All cves: cve-2021-4104: investigated: false @@ -545,8 +545,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GFI - product: '' + - vendor: GFI Software + product: All cves: cve-2021-4104: investigated: false @@ -574,8 +574,38 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GFI Software + product: Kerio Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ghidra - product: '' + product: All cves: cve-2021-4104: investigated: false From 08854031a804a1cab3a7e1f4490aa8791f7f10c9 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 08:58:08 -0500 Subject: [PATCH 108/268] Add GitHub & Gitlab products --- data/cisagov_G.yml | 256 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 250 insertions(+), 6 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index c5746a7..569f308 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -633,6 +633,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ghisler + product: Total Commander + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ghisler.com/whatsnew.htm + notes: Third Party plugins might contain log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gigamon product: Fabric Manager cves: @@ -643,9 +673,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <5.13.01.02 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '<5.13.01.02' unaffected_versions: [] cve-2021-45046: investigated: false @@ -694,8 +724,41 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' + - vendor: GitHub + product: GitHub Enterprise Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '3.0.22' + - '3.1.14' + - '3.2.6' + - '3.3.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' - vendor: GitLab - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -703,10 +766,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: DAST Analyzer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -718,13 +812,163 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763 + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Dependency Scanning + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Gemnasium-Maven + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: PMD OSS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: SAST + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Spotbugs + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Globus - product: '' + product: All cves: cve-2021-4104: investigated: false From 70f7b6d21e7200280d9a3141806111ac3fff5dac Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 09:04:31 -0500 Subject: [PATCH 109/268] Add GoAnywhere products --- data/cisagov_G.yml | 104 ++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 97 insertions(+), 7 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 569f308..8c42f23 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -997,7 +997,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: GoAnywhere - product: Gateway + product: Agents cves: cve-2021-4104: investigated: false @@ -1006,10 +1006,40 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 2.8.4 + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' + references: + - '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'Version 2.7.0 or later' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1036,9 +1066,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 6.8.6 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 'Version 5.3.0 or later' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1067,9 +1097,69 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 1.6.5 + - '1.4.2 or later' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: Versions less than GoAnywhere Agent version 1.4.2 are not affected. + references: + - '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Open PGP Studio + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' + references: + - '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Suveyor/400 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From 9dc38fcc6ccf7d63f898ebb02147148b1d001032 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 09:14:18 -0500 Subject: [PATCH 110/268] Add Graylog, Update Gravitee --- data/cisagov_G.yml | 96 ++++++++++++++++++++++++++++++++-------------- 1 file changed, 67 insertions(+), 29 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 8c42f23..a2a00f9 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -1177,7 +1177,7 @@ software: - '' last_updated: '2021-12-18T00:00:00' - vendor: GoCD - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1217,7 +1217,8 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: true affected_versions: [] @@ -5460,7 +5461,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grandstream - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5501,7 +5502,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.10.x + - '3.10.x' cve-2021-45046: investigated: false affected_versions: [] @@ -5531,7 +5532,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.5.x + - '3.5.x' cve-2021-45046: investigated: false affected_versions: [] @@ -5561,7 +5562,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.5.x + - '1.5.x' cve-2021-45046: investigated: false affected_versions: [] @@ -5591,7 +5592,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.4.x + - '1.4.x' cve-2021-45046: investigated: false affected_versions: [] @@ -5621,7 +5622,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.10.x + - '3.10.x' cve-2021-45046: investigated: false affected_versions: [] @@ -5651,7 +5652,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.5.x + - '3.5.x' cve-2021-45046: investigated: false affected_versions: [] @@ -5681,7 +5682,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.4.x + - '1.4.x' cve-2021-45046: investigated: false affected_versions: [] @@ -5698,8 +5699,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee.io - product: '' + - vendor: Gravwell + product: All cves: cve-2021-4104: investigated: false @@ -5707,10 +5708,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5722,13 +5724,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products + notes: Gravwell products do not use Java. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravwell - product: '' + - vendor: Graylog + product: All cves: cve-2021-4104: investigated: false @@ -5736,9 +5738,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '3.3.15' + - '4.0.14' + - '4.1.9' + - '4.2.3' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5751,8 +5757,9 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products - notes: '' + - https://www.graylog.org/post/graylog-update-for-log4j + notes: The vulnerable Log4j library is used to record GrayLogs own log information. + Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -5766,9 +5773,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All versions >= 1.2.0 and <= 4.2.2 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 'All versions >= 1.2.0 and <= 4.2.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5787,7 +5794,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: GreenShot - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5795,10 +5802,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5844,8 +5852,38 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' + - vendor: GuardedBox + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '3.1.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://twitter.com/GuardedBox/status/1469739834117799939 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Guidewire - product: '' + product: All cves: cve-2021-4104: investigated: false From 64e126ba2542a7eb7b107eff2c04d4ffcc566bc7 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 09:35:35 -0500 Subject: [PATCH 111/268] Fix whitespace --- data/cisagov_G.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index a2a00f9..f0a3cc9 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -5759,7 +5759,7 @@ software: vendor_links: - https://www.graylog.org/post/graylog-update-for-log4j notes: The vulnerable Log4j library is used to record GrayLogs own log information. - Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system. + Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system. references: - '' last_updated: '2022-01-12T07:18:50+00:00' From 4407f83b562853fd80bbb990becbf78160f2a6ec Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 10:02:52 -0500 Subject: [PATCH 112/268] Fix indent issue --- data/cisagov_G.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index f0a3cc9..81be8e1 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -1218,7 +1218,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - '' cve-2021-45046: investigated: true affected_versions: [] From c5450b3b379b8b5a5e4f514f87d1cc4549750031 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 10:23:32 -0500 Subject: [PATCH 113/268] Revert "Update G products" --- data/cisagov_G.yml | 1540 ++++++++++++-------------------------------- 1 file changed, 410 insertions(+), 1130 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 81be8e1..88012b6 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: GE Digital - product: All + product: '' cves: cve-2021-4104: investigated: false @@ -35,7 +35,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Digital Grid - product: All + product: '' cves: cve-2021-4104: investigated: false @@ -73,520 +73,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently - deploying the fixes in the production environment. - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Baseline Security Center (BSC) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - '' - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: investigated: false affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Gas Power is still validating the workaroun provided by FoxGuard in Technical Information Notice – M1221-S01. - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Baseline Security Center (BSC) 2.0 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Gas Power has tested and validated the component of the BSC 2.0 that is impacted (McAfee SIEM 11.x). - The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not - been reviewed by CISA. - references: - - 'https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Control Server - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - '' - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: Please see vCenter. Control Server is not directly impacted. It is impacted through vCenter. - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: MyFleet - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: OPM Performance Intelligence - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: OPM Performance Planning - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: Tag Mapping Service - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Gas Power - product: vCenter - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Gas Power has tested and validated the update provided by Vmware. - The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not - been reviewed by CISA. - references: - - 'https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417' - last_updated: '2021-12-22T00:00:00' - - vendor: GE Healthcare - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://securityupdate.gehealthcare.com - notes: This advisory is not available at the time of this review, due to maintence - on the GE Healthcare website. - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Gearset - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021 - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Genesys - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GeoServer - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GeoSolutions - product: GeoNetwork - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - 'All' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html - notes: '' - references: - - '' - last_updated: '2021-12-16T07:18:50+00:00' - - vendor: GeoSolutions - product: GeoServer - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html - notes: '' - references: - - '' - last_updated: '2021-12-16T07:18:50+00:00' - - vendor: Gerrit Code Review - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.gerritcodereview.com/2021-12-13-log4j-statement.html - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GFI Software - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GFI Software - product: Kerio Connect - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -599,13 +88,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ - notes: '' + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf + notes: GE verifying workaround. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ghidra - product: All + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Baseline Security Center (BSC) cves: cve-2021-4104: investigated: false @@ -628,13 +117,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning - notes: '' + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf + notes: Vulnerability to be fixed by vendor provided workaround. No user actions + necessary. Contact GE for details. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ghisler - product: Total Commander + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Baseline Security Center (BSC) 2.0 cves: cve-2021-4104: investigated: false @@ -642,41 +132,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.ghisler.com/whatsnew.htm - notes: Third Party plugins might contain log4j. - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gigamon - product: Fabric Manager - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '<5.13.01.02' - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -688,14 +147,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.gigamon.com/gigamoncp/s/my-gigamon - notes: Updates available via the Gigamon Support Portal. This advisory available - to customers only and has not been reviewed by CISA. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf + notes: Vulnerability to be fixed by vendor provided workaround. No user actions + necessary. Contact GE for details references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: GitHub - product: GitHub + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Control Server cves: cve-2021-4104: investigated: false @@ -703,10 +162,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - GitHub.com and GitHub Enterprise Cloud + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -719,13 +177,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ - notes: '' + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf + notes: The Control Server is Affected via vCenter. There is a fix for vCenter. + Please see below. GE verifying the vCenter fix as proposed by the vendor. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: GitHub - product: GitHub Enterprise Server + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Tag Mapping Service cves: cve-2021-4104: investigated: false @@ -733,13 +192,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '3.0.22' - - '3.1.14' - - '3.2.6' - - '3.3.1' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -752,13 +207,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ - notes: '' + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: GitLab - product: All + last_updated: '2021-12-22T00:00:00' + - vendor: GE Healthcare + product: '' cves: cve-2021-4104: investigated: false @@ -766,11 +221,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -782,13 +236,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763/8 - notes: '' + - https://securityupdate.gehealthcare.com + notes: This advisory is not available at the time of this review, due to maintence + on the GE Healthcare website. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GitLab - product: DAST Analyzer + last_updated: '2021-12-22T00:00:00' + - vendor: Gearset + product: '' cves: cve-2021-4104: investigated: false @@ -796,11 +251,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -812,13 +266,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + - https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GitLab - product: Dependency Scanning + - vendor: Genesys + product: '' cves: cve-2021-4104: investigated: false @@ -826,10 +280,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -842,13 +295,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + - https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GitLab - product: Gemnasium-Maven + - vendor: GeoServer + product: '' cves: cve-2021-4104: investigated: false @@ -856,10 +309,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -872,13 +324,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + - http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GitLab - product: PMD OSS + - vendor: Gerrit code review + product: '' cves: cve-2021-4104: investigated: false @@ -886,10 +338,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -902,13 +353,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + - https://www.gerritcodereview.com/2021-12-13-log4j-statement.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GitLab - product: SAST + - vendor: GFI + product: '' cves: cve-2021-4104: investigated: false @@ -916,10 +367,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -932,13 +382,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GitLab - product: Spotbugs + - vendor: Ghidra + product: '' cves: cve-2021-4104: investigated: false @@ -946,10 +396,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -962,13 +411,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + - https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Globus - product: All + - vendor: Gigamon + product: Fabric Manager cves: cve-2021-4104: investigated: false @@ -976,8 +425,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - <5.13.01.02 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -991,13 +441,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4 - notes: '' + - https://community.gigamon.com/gigamoncp/s/my-gigamon + notes: Updates available via the Gigamon Support Portal. This advisory available + to customers only and has not been reviewed by CISA. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GoAnywhere - product: Agents + last_updated: '2021-12-21T00:00:00' + - vendor: GitHub + product: GitHub cves: cve-2021-4104: investigated: false @@ -1008,7 +459,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '' + - GitHub.com and GitHub Enterprise Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -1021,13 +472,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-18T00:00:00' - - vendor: GoAnywhere - product: Gateway + last_updated: '2021-12-17T00:00:00' + - vendor: GitLab + product: '' cves: cve-2021-4104: investigated: false @@ -1035,10 +486,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 'Version 2.7.0 or later' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1051,13 +501,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + - https://forum.gitlab.com/t/cve-2021-4428/62763 notes: '' references: - '' - last_updated: '2021-12-18T00:00:00' - - vendor: GoAnywhere - product: MFT + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Globus + product: '' cves: cve-2021-4104: investigated: false @@ -1065,10 +515,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 'Version 5.3.0 or later' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1081,13 +530,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + - https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4 notes: '' references: - '' - last_updated: '2021-12-18T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: GoAnywhere - product: MFT Agents + product: Gateway cves: cve-2021-4104: investigated: false @@ -1097,7 +546,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '1.4.2 or later' + - < 2.8.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1112,12 +561,12 @@ software: unaffected_versions: [] vendor_links: - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps - notes: Versions less than GoAnywhere Agent version 1.4.2 are not affected. + notes: '' references: - '' last_updated: '2021-12-18T00:00:00' - vendor: GoAnywhere - product: Open PGP Studio + product: MFT cves: cve-2021-4104: investigated: false @@ -1126,9 +575,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - '' + affected_versions: + - < 6.8.6 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1147,7 +596,7 @@ software: - '' last_updated: '2021-12-18T00:00:00' - vendor: GoAnywhere - product: Suveyor/400 + product: MFT Agents cves: cve-2021-4104: investigated: false @@ -1156,10 +605,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - < 1.6.5 fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1177,7 +626,7 @@ software: - '' last_updated: '2021-12-18T00:00:00' - vendor: GoCD - product: All + product: '' cves: cve-2021-4104: investigated: false @@ -1217,8 +666,7 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] @@ -1245,11 +693,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1276,11 +723,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1309,11 +755,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1340,11 +785,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1371,11 +815,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1402,11 +845,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1436,11 +878,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1467,11 +908,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1498,11 +938,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1529,11 +968,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1560,11 +998,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1595,11 +1032,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1626,11 +1062,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1657,11 +1092,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1693,11 +1127,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1727,11 +1160,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1761,11 +1193,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1792,11 +1223,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1823,11 +1253,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1854,11 +1283,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1885,11 +1313,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1916,11 +1343,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1947,11 +1373,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1978,11 +1403,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2009,11 +1433,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2040,11 +1463,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2071,11 +1493,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2103,11 +1524,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2134,11 +1554,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2165,11 +1584,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2196,11 +1614,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2227,11 +1644,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2258,11 +1674,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2292,11 +1707,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2323,11 +1737,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2359,11 +1772,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2390,11 +1802,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2421,11 +1832,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2452,11 +1862,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2483,11 +1892,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2514,11 +1922,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2545,11 +1952,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2576,11 +1982,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2610,11 +2015,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2641,11 +2045,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2672,11 +2075,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2703,11 +2105,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2734,11 +2135,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2765,11 +2165,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2796,11 +2195,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2827,11 +2225,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2858,11 +2255,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2889,11 +2285,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2920,11 +2315,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2954,11 +2348,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2988,11 +2381,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3019,11 +2411,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3050,11 +2441,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3084,11 +2474,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3115,11 +2504,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3146,11 +2534,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3177,11 +2564,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3208,11 +2594,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3239,11 +2624,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3270,11 +2654,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3301,11 +2684,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3332,11 +2714,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3363,11 +2744,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3394,11 +2774,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3425,11 +2804,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3456,11 +2834,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3489,11 +2866,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3520,11 +2896,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3551,11 +2926,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3582,11 +2956,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3615,11 +2988,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3649,11 +3021,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3680,11 +3051,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3715,11 +3085,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3748,11 +3117,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3782,11 +3150,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3813,11 +3180,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3844,11 +3210,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3875,11 +3240,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3906,11 +3270,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3937,11 +3300,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3968,11 +3330,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4001,11 +3362,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4032,11 +3392,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4063,11 +3422,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4094,11 +3452,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4125,11 +3482,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4156,11 +3512,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4187,11 +3542,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4221,11 +3575,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4252,11 +3605,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4283,11 +3635,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4314,11 +3665,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4345,11 +3695,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4383,11 +3732,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4414,11 +3762,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4445,11 +3792,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4476,11 +3822,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4510,11 +3855,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4541,11 +3885,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4572,11 +3915,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4603,11 +3945,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4634,11 +3975,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4665,11 +4005,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4699,11 +4038,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4730,11 +4068,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4761,11 +4098,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4792,11 +4128,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4823,11 +4158,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4854,11 +4188,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4885,11 +4218,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4916,11 +4248,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4947,11 +4278,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4978,11 +4308,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5009,11 +4338,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5040,11 +4368,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5071,11 +4398,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5102,11 +4428,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5133,11 +4458,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5164,11 +4488,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5195,11 +4518,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5226,11 +4548,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5257,11 +4578,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5288,11 +4608,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5311,7 +4630,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Gradle - product: All + product: Gradle cves: cve-2021-4104: investigated: false @@ -5319,11 +4638,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5350,9 +4668,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - '< 2021.3.6' + affected_versions: + - < 2021.3.6 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -5380,9 +4698,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - '< 10.1' + affected_versions: + - < 10.1 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -5410,9 +4728,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - '< 1.6.2' + affected_versions: + - < 1.6.2 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -5431,7 +4749,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grafana - product: All + product: '' cves: cve-2021-4104: investigated: false @@ -5439,11 +4757,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5461,7 +4778,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grandstream - product: All + product: '' cves: cve-2021-4104: investigated: false @@ -5502,7 +4819,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '3.10.x' + - 3.10.x cve-2021-45046: investigated: false affected_versions: [] @@ -5532,7 +4849,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '3.5.x' + - 3.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -5562,7 +4879,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '1.5.x' + - 1.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -5592,7 +4909,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '1.4.x' + - 1.4.x cve-2021-45046: investigated: false affected_versions: [] @@ -5622,7 +4939,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '3.10.x' + - 3.10.x cve-2021-45046: investigated: false affected_versions: [] @@ -5652,7 +4969,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '3.5.x' + - 3.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -5682,7 +4999,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '1.4.x' + - 1.4.x cve-2021-45046: investigated: false affected_versions: [] @@ -5699,8 +5016,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravwell - product: All + - vendor: Gravitee.io + product: '' cves: cve-2021-4104: investigated: false @@ -5708,11 +5025,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5724,13 +5040,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products - notes: Gravwell products do not use Java. + - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Graylog - product: All + - vendor: Gravwell + product: '' cves: cve-2021-4104: investigated: false @@ -5738,13 +5054,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '3.3.15' - - '4.0.14' - - '4.1.9' - - '4.2.3' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -5757,9 +5069,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.graylog.org/post/graylog-update-for-log4j - notes: The vulnerable Log4j library is used to record GrayLogs own log information. - Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system. + - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -5773,9 +5084,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - 'All versions >= 1.2.0 and <= 4.2.2' + affected_versions: + - All versions >= 1.2.0 and <= 4.2.2 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -5794,7 +5105,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: GreenShot - product: All + product: '' cves: cve-2021-4104: investigated: false @@ -5802,11 +5113,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5852,38 +5162,8 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: GuardedBox - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '3.1.2' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://twitter.com/GuardedBox/status/1469739834117799939 - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - vendor: Guidewire - product: All + product: '' cves: cve-2021-4104: investigated: false From de8890bbafec820dfff0bf973d816b4284220bd5 Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Wed, 2 Feb 2022 10:56:53 -0700 Subject: [PATCH 114/268] Update cisagov_A.yml Added AMD --- data/cisagov_A.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index f569214..c126c8c 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -475,6 +475,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Advanced Micro Devices (AMD) + product: All + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' - vendor: Advanced Systems Concepts (formally Jscape) product: Active MFT cves: From ffe2d26e7c563a543e26e1584726d16e1f43063b Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Wed, 2 Feb 2022 18:00:37 +0000 Subject: [PATCH 115/268] Update the software list --- SOFTWARE-LIST.md | 1 + data/cisagov.yml | 30 ++++++++++++++++++++++++++++++ data/cisagov_A.yml | 2 +- 3 files changed, 32 insertions(+), 1 deletion(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index c297288..5b77580 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -45,6 +45,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Adeptia | | | | Unknown | [link](https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Adobe ColdFusion | | | | Unknown | [link](https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ADP | | | | Unknown | [link](https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Advanced Micro Devices (AMD) | All | | | Not Affected | [link](https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | Advanced Systems Concepts (formally Jscape) | Active MFT | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Advanced Systems Concepts (formally Jscape) | MFT | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Advanced Systems Concepts (formally Jscape) | MFT Gateway | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | diff --git a/data/cisagov.yml b/data/cisagov.yml index ae96426..d4ac0f4 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -656,6 +656,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Advanced Micro Devices (AMD) + product: All + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' - vendor: Advanced Systems Concepts (formally Jscape) product: Active MFT cves: diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index c126c8c..17499a2 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -488,7 +488,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] From 491e68cfeb1cc7241eae3c2bd905fcb4bf9d4e3a Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Wed, 2 Feb 2022 12:02:54 -0700 Subject: [PATCH 116/268] Update cisagov_F.yml Added Fuji Electric --- data/cisagov_F.yml | 242 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 242 insertions(+) diff --git a/data/cisagov_F.yml b/data/cisagov_F.yml index 8598911..c615dad 100644 --- a/data/cisagov_F.yml +++ b/data/cisagov_F.yml @@ -2033,6 +2033,248 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fuji Electric + product: MONITOUCH X1 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V9 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000S series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS2000 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V8 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: V-SFT + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'Version 5' + - 'Version 6' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: TELLUS and V-Server + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'Version 3' + - 'Version 4' + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' - vendor: Fujitsu product: '' cves: From 73c63db04c143399ee94da0a13860a3aaaadb5c5 Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Wed, 2 Feb 2022 13:10:56 -0700 Subject: [PATCH 117/268] Update cisagov_C.yml updated and added Canon products --- data/cisagov_C.yml | 116 +++++++++++++++++++++++++++++++++++---------- 1 file changed, 92 insertions(+), 24 deletions(-) diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index 696782e..d53c7de 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -121,7 +121,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: Alphenix (Angio Workstation) + product: VL Alphenix Angio Workstation (AWS) cves: cve-2021-4104: investigated: false @@ -129,8 +129,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 'All' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -148,7 +149,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: CT Medical Imaging Products cves: @@ -158,10 +159,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -177,9 +179,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: Infinix-i (Angio Workstation) + product: VL Infinix-i Angio Workstation (AWS) cves: cve-2021-4104: investigated: false @@ -187,10 +189,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -206,7 +209,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: MR Medical Imaging Products cves: @@ -216,10 +219,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -235,7 +239,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: NM Medical Imaging Products cves: @@ -245,10 +249,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -264,7 +269,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: UL Medical Imaging Products cves: @@ -274,10 +279,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -293,7 +299,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: Vitrea Advanced 7.x cves: @@ -303,8 +309,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 'All' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -322,7 +329,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: XR Medical Imaging Products cves: @@ -332,10 +339,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: Eye-Care Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -351,7 +389,37 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: Canon DR Products CXDI_NE) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + notes: Such as Omnera, FlexPro, Soltus + references: + - '' + last_updated: '2022-02-02T00:00:00' - vendor: CapStorm product: Copystorm cves: From 38fd455e7c9aa393442b332c13ec592fdf04471f Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 15:42:33 -0500 Subject: [PATCH 118/268] Update Google Cloud products --- data/cisagov_G.yml | 645 +++++++++++++++++++++++++++------------------ 1 file changed, 387 insertions(+), 258 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 88012b6..af20044 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -693,10 +693,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -723,10 +724,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -755,10 +757,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -785,10 +788,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -815,10 +819,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -845,10 +850,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -878,10 +884,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -908,10 +915,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -938,10 +946,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -968,10 +977,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -998,10 +1008,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1032,10 +1043,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1062,10 +1074,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1092,10 +1105,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1127,10 +1141,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1160,10 +1175,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1193,10 +1209,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1223,10 +1240,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1253,10 +1271,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1283,10 +1302,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1313,10 +1333,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1343,10 +1364,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1373,10 +1395,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1403,10 +1426,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1433,10 +1457,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1463,10 +1488,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1493,10 +1519,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1524,10 +1551,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1554,10 +1582,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1584,10 +1613,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1614,10 +1644,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1644,10 +1675,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1674,10 +1706,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1707,10 +1740,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1737,10 +1771,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1772,10 +1807,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1802,10 +1838,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1832,10 +1869,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1862,10 +1900,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1892,10 +1931,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1922,10 +1962,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1952,10 +1993,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1982,10 +2024,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2015,10 +2058,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2045,10 +2089,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2075,10 +2120,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2105,10 +2151,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2135,10 +2182,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2165,10 +2213,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2195,10 +2244,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2225,10 +2275,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2255,10 +2306,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2285,10 +2337,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2315,10 +2368,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2348,10 +2402,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2381,10 +2436,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2411,10 +2467,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2441,10 +2498,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2474,10 +2532,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2504,10 +2563,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2534,10 +2594,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2564,10 +2625,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2594,10 +2656,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2624,10 +2687,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2654,10 +2718,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2684,10 +2749,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2714,10 +2780,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2744,10 +2811,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2774,10 +2842,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2804,10 +2873,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2834,10 +2904,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2866,10 +2937,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2896,10 +2968,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2926,10 +2999,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2956,10 +3030,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2988,10 +3063,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3021,10 +3097,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3051,10 +3128,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3085,10 +3163,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3117,10 +3196,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3150,10 +3230,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3180,10 +3261,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3210,10 +3292,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3240,10 +3323,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3270,10 +3354,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3300,10 +3385,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3330,10 +3416,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3362,10 +3449,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3392,10 +3480,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3422,10 +3511,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3452,10 +3542,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3482,10 +3573,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3512,10 +3604,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3542,10 +3635,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3575,10 +3669,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3605,10 +3700,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3635,10 +3731,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3665,10 +3762,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3695,10 +3793,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3732,10 +3831,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3762,10 +3862,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3792,10 +3893,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3822,10 +3924,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3855,10 +3958,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3885,10 +3989,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3915,10 +4020,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3945,10 +4051,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3975,10 +4082,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4005,10 +4113,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4038,10 +4147,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4068,10 +4178,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4098,10 +4209,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4128,10 +4240,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4158,10 +4271,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4188,10 +4302,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4218,10 +4333,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4248,10 +4364,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4278,10 +4395,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4308,10 +4426,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4338,10 +4457,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4368,10 +4488,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4398,10 +4519,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4428,10 +4550,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4458,10 +4581,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4488,10 +4612,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4518,10 +4643,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4548,10 +4674,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4578,10 +4705,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4608,10 +4736,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From 5c201af2931d4f70d9381961892442dfcb38bf89 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Wed, 2 Feb 2022 20:51:53 +0000 Subject: [PATCH 119/268] Update the software list --- SOFTWARE-LIST.md | 258 +++++++++---------- data/cisagov.yml | 645 ++++++++++++++++++++++++++++------------------- 2 files changed, 516 insertions(+), 387 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 5b77580..9673268 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -1252,135 +1252,135 @@ NOTE: This file is automatically generated. To submit updates, please refer to | GoAnywhere | MFT Agents | < 1.6.5 | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | | GoCD | | | | Unknown | [link](https://www.gocd.org/2021/12/14/log4j-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Google | Chrome | | | Not Affected | [link](https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html) | Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-14 | -| Google Cloud | Access Transparency | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Actifio | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Actifio has identified limited exposure to the Log4j 2 vulnerability and has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) for the full statement and to obtain the hotfix (available to Actifio customers only). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AI Platform Data Labeling | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AI Platform Neural Architecture Search (NAS) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AI Platform Training and Prediction | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Config Management | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Connect | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Hub | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Identity Service | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos on VMWare | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds to their VMware products as they become available. We also recommend customers review their respective applications and workloads affected by the same vulnerabilities and apply appropriate patches. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Premium Software | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Anthos Service Mesh | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Apigee | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Apigee installed Log4j 2 in its Apigee Edge VMs, but the software was not used and therefore the VMs were not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. Apigee updated Log4j 2 to v.2.16 as an additional precaution. It is possible that customers may have introduced custom resources that are using vulnerable versions of Log4j. We strongly encourage customers who manage Apigee environments to identify components dependent on Log4j and update them to the latest version. Visit the Apigee Incident Report for more information. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Google Cloud | App Engine | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage App Engine environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AppSheet | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | The AppSheet core platform runs on non-JVM (non-Java) based runtimes. At this time, we have identified no impact to core AppSheet functionality. Additionally, we have patched one Java-based auxiliary service in our platform. We will continue to monitor for affected services and patch or remediate as required. If you have any questions or require assistance, contact AppSheet Support. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Artifact Registry | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Assured Workloads | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML Natural Language | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML Tables | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML Translation | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML Video | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | AutoML Vision | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | BigQuery | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | BigQuery Data Transfer Service | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | BigQuery Omni | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | BigQuery Omni, which runs on AWS and Azure infrastructure, does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We continue to work with AWS and Azure to assess the situation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Binary Authorization | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Certificate Manager | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Chronicle | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Asset Inventory | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Bigtable | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Cloud Build | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Build environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud CDN | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Composer | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Cloud Composer does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. It is possible that customers may have imported or introduced other dependencies via DAGs, installed PyPI modules, plugins, or other services that are using vulnerable versions of Log4j 2. We strongly encourage customers, who manage Composer environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Google Cloud | Cloud Console App | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Data Loss Prevention | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Debugger | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Deployment Manager | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud DNS | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Endpoints | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud External Key Manager (EKM) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Functions | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Functions environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Hardware Security Module (HSM) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Interconnect | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Intrusion Detection System (IDS) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Key Management Service | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Load Balancing | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Logging | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Natural Language API | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Network Address Translation (NAT) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Profiler | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Router | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Run | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Run for Anthos | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run for Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Scheduler | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud SDK | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Shell | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Shell environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Source Repositories | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Spanner | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Cloud SQL | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Cloud Storage | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Tasks | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Trace | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Traffic Director | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Cloud Translation | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Vision | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud Vision OCR On-Prem | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Cloud VPN | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | CompilerWorks | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Compute Engine | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Compute Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. For those using Google Cloud VMware Engine, we are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes to Google Cloud VMware Engine as they become available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Contact Center AI (CCAI) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Contact Center AI Insights | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Container Registry | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Data Catalog | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Data Catalog has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers who introduced their own connectors to identify dependencies on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Data Fusion | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Data Fusion does not use Log4j 2, but uses Dataproc as one of the options to execute pipelines. Dataproc released new images on December 18, 2021 to address the vulnerability in CVE-2021-44228 and CVE-2021-45046. Customers must follow instructions in a notification sent on December 18, 2021 with the subject line “Important information about Data Fusion.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Database Migration Service (DMS) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Dataflow | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Dataflow does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. If you have changed dependencies or default behavior, it is strongly recommended you verify there is no dependency on vulnerable versions Log4j 2. Customers have been provided details and instructions in a notification sent on December 17, 2021 with the subject line “Update #1 to Important information about Dataflow.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Google Cloud | Dataproc | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Dataproc released new images on December 18, 2021 to address the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Customers must follow the instructions in notifications sent on December 18, 2021 with the subject line “Important information about Dataproc” with Dataproc documentation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Dataproc Metastore | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Dataproc Metastore has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent two notifications with instructions on December 17, 2021 with the subject line “Important information regarding Log4j 2 vulnerability in your gRPC-enabled Dataproc Metastore.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Datastore | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Datastream | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Dialogflow Essentials (ES) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Document AI | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Event Threat Detection | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Eventarc | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Filestore | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Log4j 2 is contained within the Filestore service; there is a technical control in place that mitigates the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Log4j 2 will be updated to the latest version as part of the scheduled rollout in January 2022. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Firebase | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Firestore | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Game Servers | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Google Cloud Armor | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Google Cloud Armor Managed Protection Plus | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Google Cloud VMware Engine | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | We are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes as they become available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-11 | -| Google Cloud | Google Kubernetes Engine | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Google Kubernetes Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Google Kubernetes Engine environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Healthcare Data Engine (HDE) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Human-in-the-Loop AI | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | IoT Core | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Key Access Justifications (KAJ) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Looker | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | \Looker-hosted instances have been updated to a Looker version with Log4j v2.16. Looker is currently working with third-party driver vendors to evaluate the impact of the Log4j vulnerability. As Looker does not enable logging for these drivers in Looker-hosted instances, no messages are logged. We conclude that the vulnerability is mitigated. We continue to actively work with the vendors to deploy a fix for these drivers. Looker customers who self-manage their Looker instances have received instructions through their technical contacts on how to take the necessary steps to address the vulnerability. Looker customers who have questions or require assistance, please visit Looker Support. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | -| Google Cloud | Media Translation API | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Memorystore | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Migrate for Anthos | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Migrate for Compute Engine (M4CE) | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | M4CE has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. M4CE has been updated to version 4.11.9 to address the vulnerabilities. A notification was sent to customers on December 17, 2021 with subject line “Important information about CVE-2021-44228 and CVE-2021-45046” for M4CE V4.11 or below. If you are on M4CE v5.0 or above, no action is needed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Google Cloud | Network Connectivity Center | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Network Intelligence Center | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Network Service Tiers | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Persistent Disk | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Pub/Sub | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Google Cloud | Pub/Sub Lite | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Pub/Sub Lite environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Google Cloud | reCAPTCHA Enterprise | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Recommendations AI | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Retail Search | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Risk Manager | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Secret Manager | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Security Command Center | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Service Directory | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Service Infrastructure | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Speaker ID | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Speech-to-Text | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Speech-to-Text On-Prem | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Storage Transfer Service | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Talent Solution | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Text-to-Speech | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Transcoder API | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Transfer Appliance | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Video Intelligence API | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Virtual Private Cloud | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Google Cloud | Web Security Scanner | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Workflows | | | Unknown | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Access Transparency | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Actifio | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Actifio has identified limited exposure to the Log4j 2 vulnerability and has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) for the full statement and to obtain the hotfix (available to Actifio customers only). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AI Platform Data Labeling | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AI Platform Neural Architecture Search (NAS) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AI Platform Training and Prediction | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Config Management | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Connect | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Hub | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Identity Service | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos on VMWare | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers to check VMware recommendations documented in VMSA-2021-0028 and deploy fixes or workarounds to their VMware products as they become available. We also recommend customers review their respective applications and workloads affected by the same vulnerabilities and apply appropriate patches. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Premium Software | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Anthos Service Mesh | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Apigee | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Apigee installed Log4j 2 in its Apigee Edge VMs, but the software was not used and therefore the VMs were not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. Apigee updated Log4j 2 to v.2.16 as an additional precaution. It is possible that customers may have introduced custom resources that are using vulnerable versions of Log4j. We strongly encourage customers who manage Apigee environments to identify components dependent on Log4j and update them to the latest version. Visit the Apigee Incident Report for more information. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Google Cloud | App Engine | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage App Engine environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AppSheet | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | The AppSheet core platform runs on non-JVM (non-Java) based runtimes. At this time, we have identified no impact to core AppSheet functionality. Additionally, we have patched one Java-based auxiliary service in our platform. We will continue to monitor for affected services and patch or remediate as required. If you have any questions or require assistance, contact AppSheet Support. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Artifact Registry | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Assured Workloads | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML Natural Language | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML Tables | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML Translation | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML Video | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | AutoML Vision | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | BigQuery | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | BigQuery Data Transfer Service | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | BigQuery Omni | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | BigQuery Omni, which runs on AWS and Azure infrastructure, does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. We continue to work with AWS and Azure to assess the situation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Binary Authorization | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Certificate Manager | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Chronicle | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Asset Inventory | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Bigtable | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Cloud Build | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Build environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud CDN | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Composer | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Cloud Composer does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. It is possible that customers may have imported or introduced other dependencies via DAGs, installed PyPI modules, plugins, or other services that are using vulnerable versions of Log4j 2. We strongly encourage customers, who manage Composer environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Google Cloud | Cloud Console App | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Data Loss Prevention | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Debugger | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Deployment Manager | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud DNS | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Endpoints | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud External Key Manager (EKM) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Functions | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Functions environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Hardware Security Module (HSM) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Interconnect | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Intrusion Detection System (IDS) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Key Management Service | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Load Balancing | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Logging | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Natural Language API | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Network Address Translation (NAT) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Profiler | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Router | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Run | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Run for Anthos | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Run for Anthos environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Scheduler | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud SDK | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Shell | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Cloud Shell environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Source Repositories | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Spanner | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Cloud SQL | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Cloud Storage | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Tasks | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Trace | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Traffic Director | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Cloud Translation | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Vision | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud Vision OCR On-Prem | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Cloud VPN | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | CompilerWorks | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Compute Engine | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Compute Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. For those using Google Cloud VMware Engine, we are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes to Google Cloud VMware Engine as they become available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Contact Center AI (CCAI) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Contact Center AI Insights | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Container Registry | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Data Catalog | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Data Catalog has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. We strongly encourage customers who introduced their own connectors to identify dependencies on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Data Fusion | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Data Fusion does not use Log4j 2, but uses Dataproc as one of the options to execute pipelines. Dataproc released new images on December 18, 2021 to address the vulnerability in CVE-2021-44228 and CVE-2021-45046. Customers must follow instructions in a notification sent on December 18, 2021 with the subject line “Important information about Data Fusion.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Database Migration Service (DMS) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Dataflow | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Dataflow does not use Log4j 2 and is not impacted by the issues in CVE-2021-44228 and CVE-2021-45046. If you have changed dependencies or default behavior, it is strongly recommended you verify there is no dependency on vulnerable versions Log4j 2. Customers have been provided details and instructions in a notification sent on December 17, 2021 with the subject line “Update #1 to Important information about Dataflow.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Google Cloud | Dataproc | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Dataproc released new images on December 18, 2021 to address the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Customers must follow the instructions in notifications sent on December 18, 2021 with the subject line “Important information about Dataproc” with Dataproc documentation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Dataproc Metastore | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Dataproc Metastore has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers who need to take actions were sent two notifications with instructions on December 17, 2021 with the subject line “Important information regarding Log4j 2 vulnerability in your gRPC-enabled Dataproc Metastore.” | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Datastore | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Datastream | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Dialogflow Essentials (ES) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Document AI | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Event Threat Detection | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Eventarc | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Filestore | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Log4j 2 is contained within the Filestore service; there is a technical control in place that mitigates the vulnerabilities in CVE-2021-44228 and CVE-2021-45046. Log4j 2 will be updated to the latest version as part of the scheduled rollout in January 2022. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Firebase | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Firestore | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Game Servers | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Google Cloud Armor | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Google Cloud Armor Managed Protection Plus | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Google Cloud VMware Engine | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | We are working with VMware and tracking VMSA-2021-0028.1. We will deploy fixes as they become available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-11 | +| Google Cloud | Google Kubernetes Engine | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Google Kubernetes Engine does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Google Kubernetes Engine environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Healthcare Data Engine (HDE) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Human-in-the-Loop AI | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | IoT Core | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Key Access Justifications (KAJ) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Looker | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | \Looker-hosted instances have been updated to a Looker version with Log4j v2.16. Looker is currently working with third-party driver vendors to evaluate the impact of the Log4j vulnerability. As Looker does not enable logging for these drivers in Looker-hosted instances, no messages are logged. We conclude that the vulnerability is mitigated. We continue to actively work with the vendors to deploy a fix for these drivers. Looker customers who self-manage their Looker instances have received instructions through their technical contacts on how to take the necessary steps to address the vulnerability. Looker customers who have questions or require assistance, please visit Looker Support. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| Google Cloud | Media Translation API | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Memorystore | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Migrate for Anthos | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Migrate for Compute Engine (M4CE) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | M4CE has been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. M4CE has been updated to version 4.11.9 to address the vulnerabilities. A notification was sent to customers on December 17, 2021 with subject line “Important information about CVE-2021-44228 and CVE-2021-45046” for M4CE V4.11 or below. If you are on M4CE v5.0 or above, no action is needed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | +| Google Cloud | Network Connectivity Center | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Network Intelligence Center | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Network Service Tiers | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Persistent Disk | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Pub/Sub | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Google Cloud | Pub/Sub Lite | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. Customers may have introduced a separate logging solution that uses Log4j 2. We strongly encourage customers who manage Pub/Sub Lite environments to identify components dependent on Log4j 2 and update them to the latest version. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Google Cloud | reCAPTCHA Enterprise | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Recommendations AI | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Retail Search | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Risk Manager | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Secret Manager | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Security Command Center | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Service Directory | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Service Infrastructure | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Speaker ID | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Speech-to-Text | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Speech-to-Text On-Prem | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Storage Transfer Service | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Talent Solution | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Text-to-Speech | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Transcoder API | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Transfer Appliance | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Video Intelligence API | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Virtual Private Cloud | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Google Cloud | Web Security Scanner | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Google Cloud | Workflows | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Gradle | Gradle | | | Unknown | [link](https://blog.gradle.org/log4j-vulnerability) | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gradle | Gradle Enterprise | < 2021.3.6 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gradle | Gradle Enterprise Build Cache Node | < 10.1 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index d4ac0f4..ed6ef37 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -36431,10 +36431,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36461,10 +36462,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36493,10 +36495,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36523,10 +36526,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36553,10 +36557,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36583,10 +36588,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36616,10 +36622,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36646,10 +36653,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36676,10 +36684,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36706,10 +36715,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36736,10 +36746,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36770,10 +36781,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36800,10 +36812,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36830,10 +36843,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36865,10 +36879,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36898,10 +36913,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36931,10 +36947,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36961,10 +36978,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36991,10 +37009,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37021,10 +37040,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37051,10 +37071,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37081,10 +37102,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37111,10 +37133,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37141,10 +37164,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37171,10 +37195,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37201,10 +37226,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37231,10 +37257,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37262,10 +37289,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37292,10 +37320,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37322,10 +37351,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37352,10 +37382,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37382,10 +37413,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37412,10 +37444,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37445,10 +37478,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37475,10 +37509,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37510,10 +37545,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37540,10 +37576,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37570,10 +37607,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37600,10 +37638,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37630,10 +37669,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37660,10 +37700,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37690,10 +37731,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37720,10 +37762,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37753,10 +37796,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37783,10 +37827,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37813,10 +37858,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37843,10 +37889,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37873,10 +37920,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37903,10 +37951,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37933,10 +37982,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37963,10 +38013,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37993,10 +38044,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38023,10 +38075,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38053,10 +38106,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38086,10 +38140,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38119,10 +38174,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38149,10 +38205,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38179,10 +38236,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38212,10 +38270,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38242,10 +38301,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38272,10 +38332,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38302,10 +38363,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38332,10 +38394,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38362,10 +38425,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38392,10 +38456,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38422,10 +38487,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38452,10 +38518,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38482,10 +38549,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38512,10 +38580,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38542,10 +38611,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38572,10 +38642,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38604,10 +38675,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38634,10 +38706,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38664,10 +38737,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38694,10 +38768,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38726,10 +38801,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38759,10 +38835,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38789,10 +38866,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38823,10 +38901,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38855,10 +38934,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38888,10 +38968,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38918,10 +38999,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38948,10 +39030,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -38978,10 +39061,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39008,10 +39092,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39038,10 +39123,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39068,10 +39154,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39100,10 +39187,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39130,10 +39218,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39160,10 +39249,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39190,10 +39280,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39220,10 +39311,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39250,10 +39342,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39280,10 +39373,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39313,10 +39407,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39343,10 +39438,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39373,10 +39469,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39403,10 +39500,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39433,10 +39531,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39470,10 +39569,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39500,10 +39600,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39530,10 +39631,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39560,10 +39662,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39593,10 +39696,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39623,10 +39727,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39653,10 +39758,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39683,10 +39789,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39713,10 +39820,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39743,10 +39851,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39776,10 +39885,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39806,10 +39916,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39836,10 +39947,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39866,10 +39978,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39896,10 +40009,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39926,10 +40040,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39956,10 +40071,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -39986,10 +40102,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40016,10 +40133,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40046,10 +40164,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40076,10 +40195,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40106,10 +40226,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40136,10 +40257,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40166,10 +40288,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40196,10 +40319,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40226,10 +40350,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40256,10 +40381,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40286,10 +40412,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40316,10 +40443,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40346,10 +40474,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From cbd05057c653178af9cad5d041f192fe2d9f73c2 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 15:57:13 -0500 Subject: [PATCH 120/268] Add GE Gas Products, Gradle, etc. --- data/cisagov_G.yml | 199 +++++++++++++++++++++++++++++++++++++-------- 1 file changed, 164 insertions(+), 35 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index af20044..16d476a 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: GE Digital - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -35,7 +35,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Digital Grid - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -73,9 +73,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -88,8 +89,9 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: GE verifying workaround. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently + deploying the fixes in the production environment. references: - '' last_updated: '2021-12-22T00:00:00' @@ -102,8 +104,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -117,9 +120,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power is still validating the workaround provided by FoxGuard in Technical Information Notice – M1221-S01. references: - '' last_updated: '2021-12-22T00:00:00' @@ -132,10 +134,43 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power has tested and validated the component of the BSC 2.0 that is impacted (McAfee SIEM 11.x). + The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not + been reviewed by CISA. + references: + - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420)' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Control Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -147,14 +182,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Please see vCenter. Control Server is not directly impacted. It is impacted through vCenter. references: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power - product: Control Server + product: MyFleet cves: cve-2021-4104: investigated: false @@ -162,10 +196,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: OPM Performance Intelligence + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -177,14 +242,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: The Control Server is Affected via vCenter. There is a fix for vCenter. - Please see below. GE verifying the vCenter fix as proposed by the vendor. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 references: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power - product: Tag Mapping Service + product: OPM Performance Planning cves: cve-2021-4104: investigated: false @@ -192,10 +256,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Tag Mapping Service + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -207,11 +302,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 references: - '' last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: vCenter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power has tested and validated the update provided by Vmware. + The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not + been reviewed by CISA. + references: + - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417)' + last_updated: '2021-12-22T00:00:00' - vendor: GE Healthcare product: '' cves: @@ -4759,7 +4886,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Gradle - product: Gradle + product: All cves: cve-2021-4104: investigated: false @@ -4767,10 +4894,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4797,9 +4925,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 2021.3.6 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '< 2021.3.6' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4827,9 +4955,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 10.1 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '< 10.1' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4857,9 +4985,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 1.6.2 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '< 1.6.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4878,7 +5006,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grafana - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4886,10 +5014,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From 0a5a312adeb4bad42c714d96b4b00482fbc0abf8 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Wed, 2 Feb 2022 21:03:19 +0000 Subject: [PATCH 121/268] Update the software list --- SOFTWARE-LIST.md | 28 ++++--- data/cisagov.yml | 197 +++++++++++++++++++++++++++++++++++++-------- data/cisagov_G.yml | 30 ++++--- 3 files changed, 198 insertions(+), 57 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 9673268..722631d 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -1229,13 +1229,17 @@ NOTE: This file is automatically generated. To submit updates, please refer to | FTAPI | | | | Unknown | [link](https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/#) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Fujitsu | | | | Unknown | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | FusionAuth | FusionAuth | | | Not Affected | [link](https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| GE Digital | | | | Unknown | [link](https://digitalsupport.ge.com/communities/en_US/Alert/GE-Security-Advisories) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Digital Grid | | | | Unknown | [link](https://digitalenergy.service-now.com/csm?id=kb_category&kb_category=b8bc715b879c89103f22a93e0ebb3585) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Gas Power | Asset Performance Management (APM) | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | GE verifying workaround. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Gas Power | Baseline Security Center (BSC) | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | Vulnerability to be fixed by vendor provided workaround. No user actions necessary. Contact GE for details. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Gas Power | Baseline Security Center (BSC) 2.0 | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | Vulnerability to be fixed by vendor provided workaround. No user actions necessary. Contact GE for details | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Gas Power | Control Server | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | The Control Server is Affected via vCenter. There is a fix for vCenter. Please see below. GE verifying the vCenter fix as proposed by the vendor. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| GE Gas Power | Tag Mapping Service | | | Unknown | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Digital | All | | | Unknown | [link](https://digitalsupport.ge.com/communities/en_US/Alert/GE-Security-Advisories) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Digital Grid | All | | | Unknown | [link](https://digitalenergy.service-now.com/csm?id=kb_category&kb_category=b8bc715b879c89103f22a93e0ebb3585) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | Asset Performance Management (APM) | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently deploying the fixes in the production environment. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | Baseline Security Center (BSC) | | | Affected | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Gas Power is still validating the workaround provided by FoxGuard in Technical Information Notice – M1221-S01. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | Baseline Security Center (BSC) 2.0 | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Gas Power has tested and validated the component of the BSC 2.0 that is impacted (McAfee SIEM 11.x). The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not been reviewed by CISA. | [Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | Control Server | | | Affected | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Please see vCenter. Control Server is not directly impacted. It is impacted through vCenter. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | MyFleet | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | OPM Performance Intelligence | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | OPM Performance Planning | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | Tag Mapping Service | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| GE Gas Power | vCenter | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Gas Power has tested and validated the update provided by Vmware. The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not been reviewed by CISA. | [Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | GE Healthcare | | | | Unknown | [link](https://securityupdate.gehealthcare.com) | This advisory is not available at the time of this review, due to maintence on the GE Healthcare website. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Gearset | | | | Unknown | [link](https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Genesys | | | | Unknown | [link](https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -1381,11 +1385,11 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Google Cloud | Virtual Private Cloud | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | Google Cloud | Web Security Scanner | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Google Cloud | Workflows | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Gradle | Gradle | | | Unknown | [link](https://blog.gradle.org/log4j-vulnerability) | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gradle | Gradle Enterprise | < 2021.3.6 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gradle | Gradle Enterprise Build Cache Node | < 10.1 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gradle | Gradle Enterprise Test Distribution Agent | < 1.6.2 | | Affected | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Grafana | | | | Unknown | [link](https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gradle | All | | | Not Affected | [link](https://blog.gradle.org/log4j-vulnerability) | Gradle Scala Compiler Plugin depends upon log4j-core but it is not used. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gradle | Gradle Enterprise | | < 2021.3.6 | Fixed | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gradle | Gradle Enterprise Build Cache Node | | < 10.1 | Fixed | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gradle | Gradle Enterprise Test Distribution Agent | | < 1.6.2 | Fixed | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Grafana | All | | | Not Affected | [link](https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Grandstream | | | | Unknown | [link](https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Access Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Access Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index ed6ef37..64d9eb8 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -35743,7 +35743,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: GE Digital - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -35773,7 +35773,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Digital Grid - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -35811,9 +35811,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -35826,8 +35827,10 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: GE verifying workaround. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed + in development environment and the team is currently deploying the fixes in + the production environment. references: - '' last_updated: '2021-12-22T00:00:00' @@ -35840,8 +35843,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -35855,9 +35859,9 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power is still validating the workaround provided by FoxGuard in + Technical Information Notice – M1221-S01. references: - '' last_updated: '2021-12-22T00:00:00' @@ -35870,10 +35874,44 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power has tested and validated the component of the BSC 2.0 that + is impacted (McAfee SIEM 11.x). The update and instructions can be downloaded + from link in reference section. This update is available to customer only and + has not been reviewed by CISA. + references: + - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420)' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Control Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -35885,14 +35923,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: Vulnerability to be fixed by vendor provided workaround. No user actions - necessary. Contact GE for details + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Please see vCenter. Control Server is not directly impacted. It is impacted + through vCenter. references: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power - product: Control Server + product: MyFleet cves: cve-2021-4104: investigated: false @@ -35900,10 +35938,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: OPM Performance Intelligence + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -35915,14 +35984,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf - notes: The Control Server is Affected via vCenter. There is a fix for vCenter. - Please see below. GE verifying the vCenter fix as proposed by the vendor. + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 references: - '' last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power - product: Tag Mapping Service + product: OPM Performance Planning cves: cve-2021-4104: investigated: false @@ -35930,10 +35998,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: Tag Mapping Service + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -35945,11 +36044,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2021-12-21_Log4J_Vulnerability-GE_Gas_Power_Holding_Statement.pdf + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf notes: Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 references: - '' last_updated: '2021-12-22T00:00:00' + - vendor: GE Gas Power + product: vCenter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf + notes: GE Gas Power has tested and validated the update provided by Vmware. The + update and instructions can be downloaded from link in reference section. This + update is available to customer only and has not been reviewed by CISA. + references: + - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417)' + last_updated: '2021-12-22T00:00:00' - vendor: GE Healthcare product: '' cves: @@ -40497,7 +40628,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Gradle - product: Gradle + product: All cves: cve-2021-4104: investigated: false @@ -40505,10 +40636,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -40535,9 +40667,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - < 2021.3.6 - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -40565,9 +40697,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - < 10.1 - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -40595,9 +40727,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - < 1.6.2 - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -40616,7 +40748,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grafana - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -40624,10 +40756,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 16d476a..2921f6c 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -90,8 +90,9 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently - deploying the fixes in the production environment. + notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed + in development environment and the team is currently deploying the fixes in + the production environment. references: - '' last_updated: '2021-12-22T00:00:00' @@ -121,7 +122,8 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Gas Power is still validating the workaround provided by FoxGuard in Technical Information Notice – M1221-S01. + notes: GE Gas Power is still validating the workaround provided by FoxGuard in + Technical Information Notice – M1221-S01. references: - '' last_updated: '2021-12-22T00:00:00' @@ -151,9 +153,10 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Gas Power has tested and validated the component of the BSC 2.0 that is impacted (McAfee SIEM 11.x). - The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not - been reviewed by CISA. + notes: GE Gas Power has tested and validated the component of the BSC 2.0 that + is impacted (McAfee SIEM 11.x). The update and instructions can be downloaded + from link in reference section. This update is available to customer only and + has not been reviewed by CISA. references: - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420)' last_updated: '2021-12-22T00:00:00' @@ -183,7 +186,8 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: Please see vCenter. Control Server is not directly impacted. It is impacted through vCenter. + notes: Please see vCenter. Control Server is not directly impacted. It is impacted + through vCenter. references: - '' last_updated: '2021-12-22T00:00:00' @@ -333,9 +337,9 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Gas Power has tested and validated the update provided by Vmware. - The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not - been reviewed by CISA. + notes: GE Gas Power has tested and validated the update provided by Vmware. The + update and instructions can be downloaded from link in reference section. This + update is available to customer only and has not been reviewed by CISA. references: - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417)' last_updated: '2021-12-22T00:00:00' @@ -4927,7 +4931,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 2021.3.6' + - < 2021.3.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -4957,7 +4961,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 10.1' + - < 10.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -4987,7 +4991,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 1.6.2' + - < 1.6.2 unaffected_versions: [] cve-2021-45046: investigated: false From 584a6904f7446aadaa3e4899b9298d48a3aa78e9 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 16:11:36 -0500 Subject: [PATCH 122/268] Add GitHub, Gitlab, GoAnywhere products --- data/cisagov_G.yml | 502 +++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 461 insertions(+), 41 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 2921f6c..8c42f23 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -90,9 +90,8 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed - in development environment and the team is currently deploying the fixes in - the production environment. + notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently + deploying the fixes in the production environment. references: - '' last_updated: '2021-12-22T00:00:00' @@ -122,8 +121,7 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Gas Power is still validating the workaround provided by FoxGuard in - Technical Information Notice – M1221-S01. + notes: GE Gas Power is still validating the workaroun provided by FoxGuard in Technical Information Notice – M1221-S01. references: - '' last_updated: '2021-12-22T00:00:00' @@ -153,12 +151,11 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Gas Power has tested and validated the component of the BSC 2.0 that - is impacted (McAfee SIEM 11.x). The update and instructions can be downloaded - from link in reference section. This update is available to customer only and - has not been reviewed by CISA. + notes: GE Gas Power has tested and validated the component of the BSC 2.0 that is impacted (McAfee SIEM 11.x). + The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not + been reviewed by CISA. references: - - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420)' + - 'https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420' last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power product: Control Server @@ -186,8 +183,7 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: Please see vCenter. Control Server is not directly impacted. It is impacted - through vCenter. + notes: Please see vCenter. Control Server is not directly impacted. It is impacted through vCenter. references: - '' last_updated: '2021-12-22T00:00:00' @@ -337,14 +333,14 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Gas Power has tested and validated the update provided by Vmware. The - update and instructions can be downloaded from link in reference section. This - update is available to customer only and has not been reviewed by CISA. + notes: GE Gas Power has tested and validated the update provided by Vmware. + The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not + been reviewed by CISA. references: - - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417)' + - 'https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417' last_updated: '2021-12-22T00:00:00' - vendor: GE Healthcare - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -374,7 +370,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Gearset - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -403,7 +399,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Genesys - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -432,7 +428,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: GeoServer - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -460,8 +456,68 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gerrit code review - product: '' + - vendor: GeoSolutions + product: GeoNetwork + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + 'All' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' + - vendor: GeoSolutions + product: GeoServer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' + - vendor: Gerrit Code Review + product: All cves: cve-2021-4104: investigated: false @@ -489,8 +545,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GFI - product: '' + - vendor: GFI Software + product: All cves: cve-2021-4104: investigated: false @@ -518,8 +574,38 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GFI Software + product: Kerio Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ghidra - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -547,6 +633,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ghisler + product: Total Commander + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ghisler.com/whatsnew.htm + notes: Third Party plugins might contain log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gigamon product: Fabric Manager cves: @@ -557,9 +673,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <5.13.01.02 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '<5.13.01.02' unaffected_versions: [] cve-2021-45046: investigated: false @@ -608,8 +724,71 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' + - vendor: GitHub + product: GitHub Enterprise Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '3.0.22' + - '3.1.14' + - '3.2.6' + - '3.3.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' - vendor: GitLab - product: '' + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: DAST Analyzer cves: cve-2021-4104: investigated: false @@ -617,10 +796,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Dependency Scanning + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -632,13 +842,133 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763 + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Gemnasium-Maven + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: PMD OSS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: SAST + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Spotbugs + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Globus - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -667,7 +997,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: GoAnywhere - product: Gateway + product: Agents cves: cve-2021-4104: investigated: false @@ -676,10 +1006,40 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 2.8.4 + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' + references: + - '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'Version 2.7.0 or later' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -706,9 +1066,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 6.8.6 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 'Version 5.3.0 or later' unaffected_versions: [] cve-2021-45046: investigated: false @@ -737,9 +1097,69 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 1.6.5 + - '1.4.2 or later' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: Versions less than GoAnywhere Agent version 1.4.2 are not affected. + references: + - '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Open PGP Studio + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' + references: + - '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Suveyor/400 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4931,7 +5351,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - < 2021.3.6 + - '< 2021.3.6' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4961,7 +5381,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - < 10.1 + - '< 10.1' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4991,7 +5411,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - < 1.6.2 + - '< 1.6.2' unaffected_versions: [] cve-2021-45046: investigated: false From c081c60b4cd777802ecdb7120c67e9bfba293116 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 16:16:08 -0500 Subject: [PATCH 123/268] Update GE Gas --- data/cisagov_G.yml | 30 +++++++++++++++++------------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 8c42f23..cb02622 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -90,8 +90,9 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently - deploying the fixes in the production environment. + notes: GE Digital has fixed the log4j issue on the APM. Validation and test completed + in development environment and the team is currently deploying the fixes in + the production environment. references: - '' last_updated: '2021-12-22T00:00:00' @@ -121,7 +122,8 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Gas Power is still validating the workaroun provided by FoxGuard in Technical Information Notice – M1221-S01. + notes: GE Gas Power is still validating the workaround provided by FoxGuard in + Technical Information Notice – M1221-S01. references: - '' last_updated: '2021-12-22T00:00:00' @@ -151,11 +153,12 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Gas Power has tested and validated the component of the BSC 2.0 that is impacted (McAfee SIEM 11.x). - The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not - been reviewed by CISA. + notes: GE Gas Power has tested and validated the component of the BSC 2.0 that + is impacted (McAfee SIEM 11.x). The update and instructions can be downloaded + from link in reference section. This update is available to customer only and + has not been reviewed by CISA. references: - - 'https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420' + - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029420)' last_updated: '2021-12-22T00:00:00' - vendor: GE Gas Power product: Control Server @@ -183,7 +186,8 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: Please see vCenter. Control Server is not directly impacted. It is impacted through vCenter. + notes: Please see vCenter. Control Server is not directly impacted. It is impacted + through vCenter. references: - '' last_updated: '2021-12-22T00:00:00' @@ -333,14 +337,14 @@ software: unaffected_versions: [] vendor_links: - https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf - notes: GE Gas Power has tested and validated the update provided by Vmware. - The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not - been reviewed by CISA. + notes: GE Gas Power has tested and validated the update provided by Vmware. The + update and instructions can be downloaded from link in reference section. This + update is available to customer only and has not been reviewed by CISA. references: - - 'https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417' + - '[Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417)' last_updated: '2021-12-22T00:00:00' - vendor: GE Healthcare - product: All + product: '' cves: cve-2021-4104: investigated: false From 0fa9e57f9131c1a74c2520664b99860f3b92f8b8 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 2 Feb 2022 16:19:21 -0500 Subject: [PATCH 124/268] Add Graylog --- data/cisagov_G.yml | 96 ++++++++++++++++++++++++++++++++-------------- 1 file changed, 67 insertions(+), 29 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index cb02622..79ff7b5 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -1181,7 +1181,7 @@ software: - '' last_updated: '2021-12-18T00:00:00' - vendor: GoCD - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1221,7 +1221,8 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: true affected_versions: [] @@ -5464,7 +5465,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grandstream - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5505,7 +5506,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.10.x + - '3.10.x' cve-2021-45046: investigated: false affected_versions: [] @@ -5535,7 +5536,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.5.x + - '3.5.x' cve-2021-45046: investigated: false affected_versions: [] @@ -5565,7 +5566,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.5.x + - '1.5.x' cve-2021-45046: investigated: false affected_versions: [] @@ -5595,7 +5596,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.4.x + - '1.4.x' cve-2021-45046: investigated: false affected_versions: [] @@ -5625,7 +5626,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.10.x + - '3.10.x' cve-2021-45046: investigated: false affected_versions: [] @@ -5655,7 +5656,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.5.x + - '3.5.x' cve-2021-45046: investigated: false affected_versions: [] @@ -5685,7 +5686,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.4.x + - '1.4.x' cve-2021-45046: investigated: false affected_versions: [] @@ -5702,8 +5703,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee.io - product: '' + - vendor: Gravwell + product: All cves: cve-2021-4104: investigated: false @@ -5711,10 +5712,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5726,13 +5728,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products + notes: Gravwell products do not use Java. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravwell - product: '' + - vendor: Graylog + product: All cves: cve-2021-4104: investigated: false @@ -5740,9 +5742,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '3.3.15' + - '4.0.14' + - '4.1.9' + - '4.2.3' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5755,8 +5761,9 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products - notes: '' + - https://www.graylog.org/post/graylog-update-for-log4j + notes: The vulnerable Log4j library is used to record GrayLogs own log information. + Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -5770,9 +5777,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All versions >= 1.2.0 and <= 4.2.2 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 'All versions >= 1.2.0 and <= 4.2.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5791,7 +5798,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: GreenShot - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5799,10 +5806,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5848,8 +5856,38 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' + - vendor: GuardedBox + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '3.1.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://twitter.com/GuardedBox/status/1469739834117799939 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Guidewire - product: '' + product: All cves: cve-2021-4104: investigated: false From 43574fc6014f47edcf0b5411fc79b0c85cccd483 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Wed, 2 Feb 2022 21:24:16 +0000 Subject: [PATCH 125/268] Update the software list --- SOFTWARE-LIST.md | 53 +++-- data/cisagov.yml | 544 +++++++++++++++++++++++++++++++++++++++++---- data/cisagov_G.yml | 56 ++--- 3 files changed, 565 insertions(+), 88 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 722631d..4a4947c 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -1241,20 +1241,34 @@ NOTE: This file is automatically generated. To submit updates, please refer to | GE Gas Power | Tag Mapping Service | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | Vulnerability fixed. No user actions necessary. Updated to log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | GE Gas Power | vCenter | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Gas Power has tested and validated the update provided by Vmware. The update and instructions can be downloaded from link in reference section. This update is available to customer only and has not been reviewed by CISA. | [Customer Portal Update](https://gepowerpac.servicenow.com/kb_view.do?sysparm_article=KB0029417) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | GE Healthcare | | | | Unknown | [link](https://securityupdate.gehealthcare.com) | This advisory is not available at the time of this review, due to maintence on the GE Healthcare website. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Gearset | | | | Unknown | [link](https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Genesys | | | | Unknown | [link](https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| GeoServer | | | | Unknown | [link](http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gerrit code review | | | | Unknown | [link](https://www.gerritcodereview.com/2021-12-13-log4j-statement.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| GFI | | | | Unknown | [link](https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Ghidra | | | | Unknown | [link](https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gigamon | Fabric Manager | <5.13.01.02 | | Affected | [link](https://community.gigamon.com/gigamoncp/s/my-gigamon) | Updates available via the Gigamon Support Portal. This advisory available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Gearset | All | | | Unknown | [link](https://docs.gearset.com/en/articles/5806813-gearset-log4j-statement-dec-2021) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Genesys | All | | | Unknown | [link](https://www.genesys.com/blog/post/genesys-update-on-the-apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GeoServer | All | | | Unknown | [link](http://geoserver.org/announcements/2021/12/13/logj4-rce-statement.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GeoSolutions | GeoNetwork | | A, l, l | Fixed | [link](https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| GeoSolutions | GeoServer | | | Not Affected | [link](https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Gerrit Code Review | All | | | Unknown | [link](https://www.gerritcodereview.com/2021-12-13-log4j-statement.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GFI Software | All | | | Unknown | [link](https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GFI Software | Kerio Connect | | | Fixed | [link](https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ghidra | All | | | Unknown | [link](https://github.com/NationalSecurityAgency/ghidra/blob/2c73c72f0ba2720c6627be4005a721a5ebd64b46/README.md#warning) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ghisler | Total Commander | | | Not Affected | [link](https://www.ghisler.com/whatsnew.htm) | Third Party plugins might contain log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gigamon | Fabric Manager | | <5.13.01.02 | Fixed | [link](https://community.gigamon.com/gigamoncp/s/my-gigamon) | Updates available via the Gigamon Support Portal. This advisory available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | GitHub | GitHub | | GitHub.com and GitHub Enterprise Cloud | Fixed | [link](https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| GitLab | | | | Unknown | [link](https://forum.gitlab.com/t/cve-2021-4428/62763) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Globus | | | | Unknown | [link](https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| GoAnywhere | Gateway | < 2.8.4 | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | -| GoAnywhere | MFT | < 6.8.6 | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | -| GoAnywhere | MFT Agents | < 1.6.5 | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | -| GoCD | | | | Unknown | [link](https://www.gocd.org/2021/12/14/log4j-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitHub | GitHub Enterprise Server | | 3.0.22, 3.1.14, 3.2.6, 3.3.1 | Fixed | [link](https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| GitLab | All | | | Not Affected | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | DAST Analyzer | | | Not Affected | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | Dependency Scanning | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | Gemnasium-Maven | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | PMD OSS | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | SAST | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GitLab | Spotbugs | | | Fixed | [link](https://forum.gitlab.com/t/cve-2021-4428/62763/8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Globus | All | | | Unknown | [link](https://groups.google.com/a/globus.org/g/discuss/c/FJK0q0NoUC4) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GoAnywhere | Agents | | | Fixed | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoAnywhere | Gateway | | Version 2.7.0 or later | Fixed | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoAnywhere | MFT | | Version 5.3.0 or later | Fixed | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoAnywhere | MFT Agents | 1.4.2 or later | | Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | Versions less than GoAnywhere Agent version 1.4.2 are not affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoAnywhere | Open PGP Studio | | | Fixed | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoAnywhere | Suveyor/400 | | | Not Affected | [link](https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| GoCD | All | | | Unknown | [link](https://www.gocd.org/2021/12/14/log4j-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Google | Chrome | | | Not Affected | [link](https://security.googleblog.com/2021/12/apache-log4j-vulnerability.html) | Chrome Browser releases, infrastructure and admin console are not using versions of Log4j affected by the vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-14 | | Google Cloud | Access Transparency | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Google Cloud | Actifio | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Actifio has identified limited exposure to the Log4j 2 vulnerability and has released a hotfix to address this vulnerability. Visit [https://now.actifio.com](https://now.actifio.com) for the full statement and to obtain the hotfix (available to Actifio customers only). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | @@ -1390,7 +1404,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Gradle | Gradle Enterprise Build Cache Node | | < 10.1 | Fixed | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gradle | Gradle Enterprise Test Distribution Agent | | < 1.6.2 | Fixed | [link](https://security.gradle.com/advisory/2021-11) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Grafana | All | | | Not Affected | [link](https://grafana.com/blog/2021/12/14/grafana-labs-core-products-not-impacted-by-log4j-cve-2021-44228-and-related-vulnerabilities/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Grandstream | | | | Unknown | [link](https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Grandstream | All | | | Unknown | [link](https://blog.grandstream.com/press-releases/grandstream-products-unaffected-by-log4j-vulnerability?hsLang=en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Access Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Access Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Alert Engine | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -1398,12 +1412,13 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Gravitee | API Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | API Management | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Gravitee | Cockpit | | | Not Affected | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gravitee.io | | | | Unknown | [link](https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Gravwell | | | | Unknown | [link](https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Graylog | Graylog Server | All versions >= 1.2.0 and <= 4.2.2 | | Affected | [link](https://www.graylog.org/post/graylog-update-for-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| GreenShot | | | | Unknown | [link](https://greenshot.atlassian.net/browse/BUG-2871) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Gravwell | All | | | Not Affected | [link](https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products) | Gravwell products do not use Java. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Graylog | All | | 3.3.15, 4.0.14, 4.1.9, 4.2.3 | Fixed | [link](https://www.graylog.org/post/graylog-update-for-log4j) | The vulnerable Log4j library is used to record GrayLogs own log information. Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Graylog | Graylog Server | | All versions >= 1.2.0 and <= 4.2.2 | Fixed | [link](https://www.graylog.org/post/graylog-update-for-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GreenShot | All | | | Not Affected | [link](https://greenshot.atlassian.net/browse/BUG-2871) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | GSA | Cloud.gov | | | Unknown | [link](https://cloud.gov/2021/12/14/log4j-buildpack-updates/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Guidewire | | | | Unknown | [link](https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| GuardedBox | All | | 3.1.2 | Fixed | [link](https://twitter.com/GuardedBox/status/1469739834117799939) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Guidewire | All | | | Unknown | [link](https://community.guidewire.com/s/article/Update-to-customers-who-have-questions-about-the-use-of-log4j-in-Guidewire-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | HAProxy | | | | Unknown | [link](https://www.haproxy.com/blog/december-2021-log4shell-mitigation/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | HarmanPro AMX | | | | Unknown | [link](https://help.harmanpro.com/apache-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | HashiCorp | Boundary | | | Unknown | [link](https://discuss.hashicorp.com/t/hcsec-2021-32-hashicorp-response-to-apache-log4j-2-security-issue-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 64d9eb8..07c89c9 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -36112,7 +36112,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Gearset - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -36141,7 +36141,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Genesys - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -36170,7 +36170,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: GeoServer - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -36198,8 +36198,67 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gerrit code review - product: '' + - vendor: GeoSolutions + product: GeoNetwork + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' + - vendor: GeoSolutions + product: GeoServer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://my.geocat.net/knowledgebase/125/Log4j-RCE-CVE-2021-44228-vulnerability-patch.html + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' + - vendor: Gerrit Code Review + product: All cves: cve-2021-4104: investigated: false @@ -36227,8 +36286,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: GFI - product: '' + - vendor: GFI Software + product: All cves: cve-2021-4104: investigated: false @@ -36256,8 +36315,38 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GFI Software + product: Kerio Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techtalk.gfi.com/impact-of-log4j-vulnerability-on-gfi/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ghidra - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -36285,6 +36374,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ghisler + product: Total Commander + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ghisler.com/whatsnew.htm + notes: Third Party plugins might contain log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Gigamon product: Fabric Manager cves: @@ -36295,9 +36414,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - <5.13.01.02 - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -36346,8 +36465,41 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' + - vendor: GitHub + product: GitHub Enterprise Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 3.0.22 + - 3.1.14 + - 3.2.6 + - 3.3.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.blog/2021-12-13-githubs-response-to-log4j-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' - vendor: GitLab - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -36355,10 +36507,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: DAST Analyzer + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36370,13 +36553,163 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.gitlab.com/t/cve-2021-4428/62763 + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Dependency Scanning + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Gemnasium-Maven + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: PMD OSS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: SAST + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: GitLab + product: Spotbugs + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.gitlab.com/t/cve-2021-4428/62763/8 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Globus - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -36405,7 +36738,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: GoAnywhere - product: Gateway + product: Agents cves: cve-2021-4104: investigated: false @@ -36414,10 +36747,40 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 2.8.4 + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' + references: + - '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Version 2.7.0 or later + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -36444,9 +36807,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 6.8.6 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Version 5.3.0 or later unaffected_versions: [] cve-2021-45046: investigated: false @@ -36475,9 +36838,69 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 1.6.5 + - 1.4.2 or later + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: Versions less than GoAnywhere Agent version 1.4.2 are not affected. + references: + - '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Open PGP Studio + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.goanywhere.com/cve-2021-44228-and-cve-2021-45046-goanywhere-mitigation-steps + notes: '' + references: + - '' + last_updated: '2021-12-18T00:00:00' + - vendor: GoAnywhere + product: Suveyor/400 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36495,7 +36918,7 @@ software: - '' last_updated: '2021-12-18T00:00:00' - vendor: GoCD - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -36535,7 +36958,8 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: true affected_versions: [] @@ -40778,7 +41202,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Grandstream - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -41016,8 +41440,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravitee.io - product: '' + - vendor: Gravwell + product: All cves: cve-2021-4104: investigated: false @@ -41025,10 +41449,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41040,13 +41465,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravitee.io/news/about-the-log4j-cvss-10-critical-vulnerability - notes: '' + - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products + notes: Gravwell products do not use Java. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Gravwell - product: '' + - vendor: Graylog + product: All cves: cve-2021-4104: investigated: false @@ -41054,9 +41479,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.3.15 + - 4.0.14 + - 4.1.9 + - 4.2.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -41069,8 +41498,10 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.gravwell.io/blog/cve-2021-44228-log4j-does-not-impact-gravwell-products - notes: '' + - https://www.graylog.org/post/graylog-update-for-log4j + notes: The vulnerable Log4j library is used to record GrayLogs own log information. + Vulnerability is not triggered when GrayLog stores exploitation vector from + an outer system. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -41084,9 +41515,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - All versions >= 1.2.0 and <= 4.2.2 - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -41105,7 +41536,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: GreenShot - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -41113,10 +41544,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -41162,8 +41594,38 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' + - vendor: GuardedBox + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 3.1.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://twitter.com/GuardedBox/status/1469739834117799939 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Guidewire - product: '' + product: All cves: cve-2021-4104: investigated: false diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 79ff7b5..65b7c07 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -471,8 +471,7 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - 'All' + fixed_versions: All unaffected_versions: [] cve-2021-45046: investigated: false @@ -503,7 +502,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -679,7 +678,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '<5.13.01.02' + - <5.13.01.02 unaffected_versions: [] cve-2021-45046: investigated: false @@ -740,10 +739,10 @@ software: investigated: true affected_versions: [] fixed_versions: - - '3.0.22' - - '3.1.14' - - '3.2.6' - - '3.3.1' + - 3.0.22 + - 3.1.14 + - 3.2.6 + - 3.3.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1042,7 +1041,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'Version 2.7.0 or later' + - Version 2.7.0 or later unaffected_versions: [] cve-2021-45046: investigated: false @@ -1072,7 +1071,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'Version 5.3.0 or later' + - Version 5.3.0 or later unaffected_versions: [] cve-2021-45046: investigated: false @@ -1101,7 +1100,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '1.4.2 or later' + - 1.4.2 or later fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -5356,7 +5355,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 2021.3.6' + - < 2021.3.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -5386,7 +5385,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 10.1' + - < 10.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -5416,7 +5415,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 1.6.2' + - < 1.6.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -5506,7 +5505,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '3.10.x' + - 3.10.x cve-2021-45046: investigated: false affected_versions: [] @@ -5536,7 +5535,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '3.5.x' + - 3.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -5566,7 +5565,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '1.5.x' + - 1.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -5596,7 +5595,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '1.4.x' + - 1.4.x cve-2021-45046: investigated: false affected_versions: [] @@ -5626,7 +5625,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '3.10.x' + - 3.10.x cve-2021-45046: investigated: false affected_versions: [] @@ -5656,7 +5655,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '3.5.x' + - 3.5.x cve-2021-45046: investigated: false affected_versions: [] @@ -5686,7 +5685,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '1.4.x' + - 1.4.x cve-2021-45046: investigated: false affected_versions: [] @@ -5745,10 +5744,10 @@ software: investigated: true affected_versions: [] fixed_versions: - - '3.3.15' - - '4.0.14' - - '4.1.9' - - '4.2.3' + - 3.3.15 + - 4.0.14 + - 4.1.9 + - 4.2.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -5763,7 +5762,8 @@ software: vendor_links: - https://www.graylog.org/post/graylog-update-for-log4j notes: The vulnerable Log4j library is used to record GrayLogs own log information. - Vulnerability is not triggered when GrayLog stores exploitation vector from an outer system. + Vulnerability is not triggered when GrayLog stores exploitation vector from + an outer system. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -5779,7 +5779,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All versions >= 1.2.0 and <= 4.2.2' + - All versions >= 1.2.0 and <= 4.2.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -5868,7 +5868,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '3.1.2' + - 3.1.2 unaffected_versions: [] cve-2021-45046: investigated: false From bc19dddbe746c7dfeca0a6bdbfd39666a89a5b8e Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Wed, 2 Feb 2022 21:29:40 +0000 Subject: [PATCH 126/268] Update the software list --- SOFTWARE-LIST.md | 26 +++- data/cisagov.yml | 358 ++++++++++++++++++++++++++++++++++++++++++--- data/cisagov_C.yml | 42 +++--- data/cisagov_F.yml | 36 ++--- 4 files changed, 391 insertions(+), 71 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 4a4947c..28cf89c 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -415,14 +415,16 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Campbell Scientific | All | | | Unknown | [link](https://s.campbellsci.com/documents/us/miscellaneous/log4j2-vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | | Camunda | | | | Unknown | [link](https://forum.camunda.org/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228/31910) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Canary Labs | All | | | Unknown | [link](https://helpcenter.canarylabs.com/t/83hjjk0/log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | Alphenix (Angio Workstation) | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | CT Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | Infinix-i (Angio Workstation) | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | MR Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | NM Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | UL Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | Vitrea Advanced 7.x | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Canon | XR Medical Imaging Products | | | Unknown | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Canon | Canon DR Products CXDI_NE) | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | Such as Omnera, FlexPro, Soltus | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | CT Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | Eye-Care Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | MR Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | NM Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | UL Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | Vitrea Advanced 7.x | All | | Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | VL Alphenix Angio Workstation (AWS) | All | | Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | VL Infinix-i Angio Workstation (AWS) | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Canon | XR Medical Imaging Products | | | Not Affected | [link](https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | CapStorm | Copystorm | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | CarbonBlack | | | | Unknown | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Carestream | | | | Unknown | [link](https://www.carestream.com/en/us/services-and-support/cybersecurity-and-privacy) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | @@ -1227,6 +1229,14 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Fortinet | FortiWeb Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Fortinet | ShieldX | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | FTAPI | | | | Unknown | [link](https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/#) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fuji Electric | MONITOUCH TS1000 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH TS1000S series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH TS2000 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH V8 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH V9 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | MONITOUCH X1 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | TELLUS and V-Server | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Fuji Electric | V-SFT | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | Fujitsu | | | | Unknown | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | FusionAuth | FusionAuth | | | Not Affected | [link](https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | GE Digital | All | | | Unknown | [link](https://digitalsupport.ge.com/communities/en_US/Alert/GE-Security-Advisories) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 07c89c9..d09289d 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -11696,7 +11696,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: Alphenix (Angio Workstation) + product: Canon DR Products CXDI_NE) cves: cve-2021-4104: investigated: false @@ -11704,10 +11704,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11720,10 +11721,10 @@ software: unaffected_versions: [] vendor_links: - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability - notes: '' + notes: Such as Omnera, FlexPro, Soltus references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: CT Medical Imaging Products cves: @@ -11733,10 +11734,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11752,9 +11754,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: Infinix-i (Angio Workstation) + product: Eye-Care Products cves: cve-2021-4104: investigated: false @@ -11762,10 +11764,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11781,7 +11784,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: MR Medical Imaging Products cves: @@ -11791,10 +11794,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11810,7 +11814,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: NM Medical Imaging Products cves: @@ -11820,10 +11824,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11839,7 +11844,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: UL Medical Imaging Products cves: @@ -11849,10 +11854,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11868,7 +11874,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon product: Vitrea Advanced 7.x cves: @@ -11878,10 +11884,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: VL Alphenix Angio Workstation (AWS) + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -11897,9 +11934,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: XR Medical Imaging Products + product: VL Infinix-i Angio Workstation (AWS) cves: cve-2021-4104: investigated: false @@ -11907,10 +11944,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Canon + product: XR Medical Imaging Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11926,7 +11994,7 @@ software: notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' + last_updated: '2022-02-02T00:00:00' - vendor: CapStorm product: Copystorm cves: @@ -35683,6 +35751,248 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000S series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS2000 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V8 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V9 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH X1 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: TELLUS and V-Server + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Version 3 + - Version 4 + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: V-SFT + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Version 5 + - Version 6 + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' - vendor: Fujitsu product: '' cves: diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index d53c7de..ab59ef7 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -121,7 +121,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Canon - product: VL Alphenix Angio Workstation (AWS) + product: Canon DR Products CXDI_NE) cves: cve-2021-4104: investigated: false @@ -130,10 +130,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 'All' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -146,7 +146,7 @@ software: unaffected_versions: [] vendor_links: - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability - notes: '' + notes: Such as Omnera, FlexPro, Soltus references: - '' last_updated: '2022-02-02T00:00:00' @@ -163,7 +163,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -181,7 +181,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: VL Infinix-i Angio Workstation (AWS) + product: Eye-Care Products cves: cve-2021-4104: investigated: false @@ -193,7 +193,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -223,7 +223,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -253,7 +253,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -283,7 +283,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -311,7 +311,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'All' + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -331,7 +331,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: XR Medical Imaging Products + product: VL Alphenix Angio Workstation (AWS) cves: cve-2021-4104: investigated: false @@ -340,10 +340,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All fixed_versions: [] - unaffected_versions: - - 'All' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -361,7 +361,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: Eye-Care Products + product: VL Infinix-i Angio Workstation (AWS) cves: cve-2021-4104: investigated: false @@ -373,7 +373,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -391,7 +391,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Canon - product: Canon DR Products CXDI_NE) + product: XR Medical Imaging Products cves: cve-2021-4104: investigated: false @@ -403,7 +403,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -416,7 +416,7 @@ software: unaffected_versions: [] vendor_links: - https://global.medical.canon/service-support/securityinformation/apache_log4j_vulnerability - notes: Such as Omnera, FlexPro, Soltus + notes: '' references: - '' last_updated: '2022-02-02T00:00:00' diff --git a/data/cisagov_F.yml b/data/cisagov_F.yml index c615dad..adcaaab 100644 --- a/data/cisagov_F.yml +++ b/data/cisagov_F.yml @@ -2034,7 +2034,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fuji Electric - product: MONITOUCH X1 series + product: MONITOUCH TS1000 series cves: cve-2021-4104: investigated: '' @@ -2046,7 +2046,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -2064,7 +2064,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Fuji Electric - product: MONITOUCH V9 series + product: MONITOUCH TS1000S series cves: cve-2021-4104: investigated: '' @@ -2076,7 +2076,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -2094,7 +2094,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Fuji Electric - product: MONITOUCH TS1000S series + product: MONITOUCH TS2000 series cves: cve-2021-4104: investigated: '' @@ -2106,7 +2106,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -2124,7 +2124,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Fuji Electric - product: MONITOUCH TS2000 series + product: MONITOUCH V8 series cves: cve-2021-4104: investigated: '' @@ -2136,7 +2136,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -2154,7 +2154,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Fuji Electric - product: MONITOUCH V8 series + product: MONITOUCH V9 series cves: cve-2021-4104: investigated: '' @@ -2166,7 +2166,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -2184,7 +2184,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Fuji Electric - product: MONITOUCH TS1000 series + product: MONITOUCH X1 series cves: cve-2021-4104: investigated: '' @@ -2196,7 +2196,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: '' affected_versions: [] @@ -2214,7 +2214,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Fuji Electric - product: V-SFT + product: TELLUS and V-Server cves: cve-2021-4104: investigated: '' @@ -2226,8 +2226,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'Version 5' - - 'Version 6' + - Version 3 + - Version 4 cve-2021-45046: investigated: '' affected_versions: [] @@ -2245,7 +2245,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Fuji Electric - product: TELLUS and V-Server + product: V-SFT cves: cve-2021-4104: investigated: '' @@ -2257,8 +2257,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'Version 3' - - 'Version 4' + - Version 5 + - Version 6 cve-2021-45046: investigated: '' affected_versions: [] From 793cfeedd90f6b91111df980341fd5e6040b6273 Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Wed, 2 Feb 2022 16:01:50 -0700 Subject: [PATCH 127/268] Update cisagov_E.yml Updated Ewon vendor. --- data/cisagov_E.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/data/cisagov_E.yml b/data/cisagov_E.yml index 1578987..501063c 100644 --- a/data/cisagov_E.yml +++ b/data/cisagov_E.yml @@ -4524,7 +4524,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ewon - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4532,10 +4532,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -4551,7 +4552,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2022-02-02T07:18:50+00:00' - vendor: Exabeam product: '' cves: From 222274ced398e92f8421e0f2a6e644165d67f979 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 08:27:59 -0500 Subject: [PATCH 128/268] Add Kaltura products --- data/cisagov_K.yml | 64 ++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 62 insertions(+), 2 deletions(-) diff --git a/data/cisagov_K.yml b/data/cisagov_K.yml index 7149f4a..4b5130c 100644 --- a/data/cisagov_K.yml +++ b/data/cisagov_K.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: K15t - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -34,7 +34,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: K6 - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -62,6 +62,66 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn SaaS in the classic Learn experience + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'v3900.28.x' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 + notes: '' + references: + - '' + last_updated: '2021-12-23T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn Self- and Managed-Hosting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'v3900.26.x' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 + notes: '' + references: + - '' + last_updated: '2021-12-23T07:18:50+00:00' - vendor: Karakun product: '' cves: From 3cf60bf127ab75cdcc1ee6fec9374d3b80cdbaba Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 08:35:55 -0500 Subject: [PATCH 129/268] Add Kaseya products --- data/cisagov_K.yml | 367 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 364 insertions(+), 3 deletions(-) diff --git a/data/cisagov_K.yml b/data/cisagov_K.yml index 4b5130c..4d5522a 100644 --- a/data/cisagov_K.yml +++ b/data/cisagov_K.yml @@ -123,7 +123,7 @@ software: - '' last_updated: '2021-12-23T07:18:50+00:00' - vendor: Karakun - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -152,7 +152,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kaseya - product: '' + product: AuthAnvil cves: cve-2021-4104: investigated: false @@ -160,10 +160,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: BMS + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -179,7 +210,337 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: ID Agent DarkWeb ID and BullPhish ID + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: IT Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: MyGlue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Network Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Passly + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: RocketCyber + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spannign Salesforce Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spanning O365 Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Unitrends + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Vorex + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Kaseya VSA SaaS and VSA On-Premises + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: Keeper Security product: '' cves: From dc7229903d5e14905b606aff7a7309891e676d4f Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 08:38:52 -0500 Subject: [PATCH 130/268] Fix product error Kaseya --- data/cisagov_K.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_K.yml b/data/cisagov_K.yml index 4d5522a..215985d 100644 --- a/data/cisagov_K.yml +++ b/data/cisagov_K.yml @@ -512,7 +512,7 @@ software: - '' last_updated: '2021-12-15T07:18:50+00:00' - vendor: Kaseya - product: Kaseya VSA SaaS and VSA On-Premises + product: VSA SaaS and VSA On-Premises cves: cve-2021-4104: investigated: false From 3af4b6a0d9cefc3b1d4235c5c08b8c1989685c7f Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 08:44:17 -0500 Subject: [PATCH 131/268] Add KeePass, Update Keeper, Kemp --- data/cisagov_K.yml | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/data/cisagov_K.yml b/data/cisagov_K.yml index 215985d..a46712e 100644 --- a/data/cisagov_K.yml +++ b/data/cisagov_K.yml @@ -541,8 +541,8 @@ software: references: - '' last_updated: '2021-12-15T07:18:50+00:00' - - vendor: Keeper Security - product: '' + - vendor: KeePass + product: All cves: cve-2021-4104: investigated: false @@ -550,10 +550,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -565,13 +566,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/ + - https://sourceforge.net/p/keepass/discussion/329220/thread/4643c5ec4f/?limit=250 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: KEMP - product: '' + - vendor: Keeper + product: All cves: cve-2021-4104: investigated: false @@ -579,9 +580,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -594,13 +596,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit + - https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: KEMP 2 - product: '' + - vendor: Kemp + product: All cves: cve-2021-4104: investigated: false @@ -623,10 +625,10 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228- + - https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit notes: '' references: - - '' + - '[Additional Link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-)' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kofax product: '' From bbac69cb1e0b466246033994978a421e767f5917 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 08:54:30 -0500 Subject: [PATCH 132/268] Add Keycloak, Kofax products --- data/cisagov_K.yml | 132 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 127 insertions(+), 5 deletions(-) diff --git a/data/cisagov_K.yml b/data/cisagov_K.yml index a46712e..10d1aec 100644 --- a/data/cisagov_K.yml +++ b/data/cisagov_K.yml @@ -630,8 +630,38 @@ software: references: - '[Additional Link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-)' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Keycloak + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/keycloak/keycloak/discussions/9078 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kofax - product: '' + product: Capture cves: cve-2021-4104: investigated: false @@ -639,10 +669,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Capture/Kofax_Capture/Reference/Log4J_Vulnerability_CVE-2021-44228_Does_Not_Affect_Kofax_Capture + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Communication Manager + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '5.3 - 5.5' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -654,13 +715,74 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.kofax.com/MFD_Productivity/SafeCom/Product_Information/SafeCom_and_Log4j_vulnerability_(CVE-2021-44228) + - https://knowledge.kofax.com/Communications_Manager/Troubleshooting/log4j_vulnerability_in_Kofax_Communications_Manager + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Robot File System (RFS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=10.7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Robotic Process Automation (RPA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '11.1' + - '11.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Konica Minolta - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -689,7 +811,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kronos UKG - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -718,7 +840,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kyberna - product: '' + product: All cves: cve-2021-4104: investigated: false From d25a999e3400f16e3cde4a06a64c5a7b5c018db5 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Thu, 3 Feb 2022 13:59:27 +0000 Subject: [PATCH 133/268] Update the software list --- SOFTWARE-LIST.md | 40 ++- data/cisagov.yml | 599 +++++++++++++++++++++++++++++++++++++++++++-- data/cisagov_K.yml | 12 +- 3 files changed, 607 insertions(+), 44 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 28cf89c..f62ff18 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2004,17 +2004,35 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Jump Desktop | | | | Unknown | [link](https://support.jumpdesktop.com/hc/en-us/articles/4416720395021-Log4j-CVE-2021-44228-CVE-2021-45046-Statement) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Juniper Networks | | | | Unknown | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Justice Systems | | | | Unknown | [link](https://www.justicesystems.com/services/support/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| K15t | | | | Unknown | [link](https://help.k15t.com/k15t-apps-and-log4shell-193401141.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| K6 | | | | Unknown | [link](https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Karakun | | | | Unknown | [link](https://board.karakun.com/viewtopic.php?f=21&t=8351) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Kaseya | | | | Unknown | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Keeper Security | | | | Unknown | [link](https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| KEMP | | | | Unknown | [link](https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| KEMP 2 | | | | Unknown | [link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Kofax | | | | Unknown | [link](https://knowledge.kofax.com/MFD_Productivity/SafeCom/Product_Information/SafeCom_and_Log4j_vulnerability_(CVE-2021-44228)) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Konica Minolta | | | | Unknown | [link](https://www.konicaminolta.de/de-de/support/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Kronos UKG | | | | Unknown | [link](https://community.kronos.com/s/feed/0D54M00004wJKHiSAO?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Kyberna | | | | Unknown | [link](https://www.kyberna.com/detail/log4j-sicherheitsluecke) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| K15t | All | | | Unknown | [link](https://help.k15t.com/k15t-apps-and-log4shell-193401141.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| K6 | All | | | Unknown | [link](https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kaltura | Blackboard Learn SaaS in the classic Learn experience | | v3900.28.x | Fixed | [link](https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | +| Kaltura | Blackboard Learn Self- and Managed-Hosting | | v3900.26.x | Fixed | [link](https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | +| Karakun | All | | | Unknown | [link](https://board.karakun.com/viewtopic.php?f=21&t=8351) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kaseya | AuthAnvil | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | BMS | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | ID Agent DarkWeb ID and BullPhish ID | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | IT Glue | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | MyGlue | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Network Glue | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Passly | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | RocketCyber | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Spannign Salesforce Backup | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Spanning O365 Backup | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Unitrends | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | Vorex | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Kaseya | VSA SaaS and VSA On-Premises | | | Not Affected | [link](https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| KeePass | All | | | Not Affected | [link](https://sourceforge.net/p/keepass/discussion/329220/thread/4643c5ec4f/?limit=250) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Keeper | All | | | Fixed | [link](https://www.keepersecurity.com/blog/2021/12/15/public-notice-regarding-the-apache-foundation-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kemp | All | | | Unknown | [link](https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit) | | [Additional Link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Keycloak | All | | | Not Affected | [link](https://github.com/keycloak/keycloak/discussions/9078) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kofax | Capture | | | Not Affected | [link](https://knowledge.kofax.com/Capture/Kofax_Capture/Reference/Log4J_Vulnerability_CVE-2021-44228_Does_Not_Affect_Kofax_Capture) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kofax | Communication Manager | | 5.3 - 5.5 | Fixed | [link](https://knowledge.kofax.com/Communications_Manager/Troubleshooting/log4j_vulnerability_in_Kofax_Communications_Manager) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kofax | Robot File System (RFS) | | >=10.7 | Fixed | [link](https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kofax | Robotic Process Automation (RPA) | | 11.1, 11.2 | Fixed | [link](https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Konica Minolta | All | | | Unknown | [link](https://www.konicaminolta.de/de-de/support/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kronos UKG | All | | | Unknown | [link](https://community.kronos.com/s/feed/0D54M00004wJKHiSAO?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Kyberna | All | | | Unknown | [link](https://www.kyberna.com/detail/log4j-sicherheitsluecke) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | L-Soft | | | | Unknown | [link](http://www.lsoft.com/news/log4jinfo.asp) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | L3Harris Geospatial | | | | Unknown | [link](https://www.l3harrisgeospatial.com/Support/Self-Help-Tools/Help-Articles/Help-Articles-Detail/ArtMID/10220/ArticleID/24141/Impact-of-Log4j-Java-Security-Vulnerability-CVE-2021-44228-on-L3Harris-Geospatial-software) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Lancom Systems | | | | Unknown | [link](https://www.lancom-systems.com/service-support/instant-help/general-security-information/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index d09289d..c586742 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -58852,7 +58852,334 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: K15t - product: '' + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.k15t.com/k15t-apps-and-log4shell-193401141.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: K6 + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn SaaS in the classic Learn experience + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v3900.28.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 + notes: '' + references: + - '' + last_updated: '2021-12-23T07:18:50+00:00' + - vendor: Kaltura + product: Blackboard Learn Self- and Managed-Hosting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v3900.26.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412 + notes: '' + references: + - '' + last_updated: '2021-12-23T07:18:50+00:00' + - vendor: Karakun + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://board.karakun.com/viewtopic.php?f=21&t=8351 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kaseya + product: AuthAnvil + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: BMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: ID Agent DarkWeb ID and BullPhish ID + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: IT Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: MyGlue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Network Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Passly cves: cve-2021-4104: investigated: false @@ -58860,10 +59187,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58875,13 +59203,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.k15t.com/k15t-apps-and-log4shell-193401141.html + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: K6 - product: '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: RocketCyber cves: cve-2021-4104: investigated: false @@ -58889,10 +59217,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spannign Salesforce Backup + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58904,13 +59263,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/ + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Karakun - product: '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Spanning O365 Backup cves: cve-2021-4104: investigated: false @@ -58918,10 +59277,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: Unitrends + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58933,13 +59323,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://board.karakun.com/viewtopic.php?f=21&t=8351 + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: Kaseya - product: '' + product: Vorex cves: cve-2021-4104: investigated: false @@ -58947,10 +59337,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://helpdesk.kaseya.com/hc/en-gb/articles/4413449967377-Log4j2-Vulnerability-Assessment + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Kaseya + product: VSA SaaS and VSA On-Premises + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58966,9 +59387,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Keeper Security - product: '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: KeePass + product: All cves: cve-2021-4104: investigated: false @@ -58976,10 +59397,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://sourceforge.net/p/keepass/discussion/329220/thread/4643c5ec4f/?limit=250 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Keeper + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -58996,8 +59448,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: KEMP - product: '' + - vendor: Kemp + product: All cves: cve-2021-4104: investigated: false @@ -59022,11 +59474,41 @@ software: vendor_links: - https://support.kemptechnologies.com/hc/en-us/articles/4416430695437-CVE-2021-44228-Log4j2-Exploit notes: '' + references: + - '[Additional Link](https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228-)' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Keycloak + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/keycloak/keycloak/discussions/9078 + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: KEMP 2 - product: '' + - vendor: Kofax + product: Capture cves: cve-2021-4104: investigated: false @@ -59034,10 +59516,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Capture/Kofax_Capture/Reference/Log4J_Vulnerability_CVE-2021-44228_Does_Not_Affect_Kofax_Capture + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Communication Manager + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 5.3 - 5.5 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -59049,13 +59562,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.kemptechnologies.com/hc/en-us/articles/4416473820045-Progress-Kemp-LoadMaster-protects-from-security-vulnerability-Apache-Log4j-2-CVE-2021-44228- + - https://knowledge.kofax.com/Communications_Manager/Troubleshooting/log4j_vulnerability_in_Kofax_Communications_Manager notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kofax - product: '' + product: Robot File System (RFS) cves: cve-2021-4104: investigated: false @@ -59063,10 +59576,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=10.7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Kofax + product: Robotic Process Automation (RPA) + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '11.1' + - '11.2' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -59078,13 +59623,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.kofax.com/MFD_Productivity/SafeCom/Product_Information/SafeCom_and_Log4j_vulnerability_(CVE-2021-44228) + - https://knowledge.kofax.com/Robotic_Process_Automation/Troubleshooting notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Konica Minolta - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -59113,7 +59658,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kronos UKG - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -59142,7 +59687,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Kyberna - product: '' + product: All cves: cve-2021-4104: investigated: false diff --git a/data/cisagov_K.yml b/data/cisagov_K.yml index 10d1aec..2f4d413 100644 --- a/data/cisagov_K.yml +++ b/data/cisagov_K.yml @@ -74,7 +74,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'v3900.28.x' + - v3900.28.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -104,7 +104,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'v3900.26.x' + - v3900.26.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -554,7 +554,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -643,7 +643,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -673,7 +673,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -702,7 +702,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '5.3 - 5.5' + - 5.3 - 5.5 unaffected_versions: [] cve-2021-45046: investigated: false From f8c0448f3be39214575817e5d16be858a49a0294 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Thu, 3 Feb 2022 14:05:00 +0000 Subject: [PATCH 134/268] Update the software list --- SOFTWARE-LIST.md | 2 +- data/cisagov.yml | 9 +++++---- data/cisagov_E.yml | 2 +- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index f62ff18..4e13419 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -1152,7 +1152,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | ESRI | Portal for ArcGIS | | All | Fixed | [link](https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/) | Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | Estos | | | | Unknown | [link](https://support.estos.de/de/sicherheitshinweise/estos-von-kritischer-schwachstelle-in-log4j-cve-2021-44228-nicht-betroffen) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Evolveum Midpoint | | | | Unknown | [link](https://evolveum.com/midpoint-not-vulnerable-to-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Ewon | | | | Unknown | [link](https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/release-notes/ecatcher_releasenotes.txt?sfvrsn=4f054ad7_42) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ewon | All | | | Not Affected | [link](https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/release-notes/ecatcher_releasenotes.txt?sfvrsn=4f054ad7_42) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | Exabeam | | | | Unknown | [link](https://community.exabeam.com/s/discussions?t=1639379479381) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Exact | | | | Unknown | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Exivity | | | | Unknown | [link](https://docs.exivity.com/getting-started/releases/announcements#announcement-regarding-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index c586742..b0e0a6d 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -33487,7 +33487,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ewon - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -33495,10 +33495,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -33514,7 +33515,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2022-02-02T07:18:50+00:00' - vendor: Exabeam product: '' cves: diff --git a/data/cisagov_E.yml b/data/cisagov_E.yml index 501063c..687ac2d 100644 --- a/data/cisagov_E.yml +++ b/data/cisagov_E.yml @@ -4536,7 +4536,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] From 4efa317cb99ffea80b68380f1ef72c2b9fd0d310 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 10:35:31 -0500 Subject: [PATCH 135/268] Add Qlik products --- data/cisagov_Q.yml | 934 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 931 insertions(+), 3 deletions(-) diff --git a/data/cisagov_Q.yml b/data/cisagov_Q.yml index 7062f16..6b70c17 100644 --- a/data/cisagov_Q.yml +++ b/data/cisagov_Q.yml @@ -4,8 +4,38 @@ owners: - name: cisagov url: https://github.com/cisagov/log4j-affected-db software: + - vendor: Qconference + product: FaceTalk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://qconferencing.com/status-vulnerability-log4j-en-qconferencing/ + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' - vendor: QF-Test - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -34,7 +64,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Qlik - product: '' + product: AIS, including ARC cves: cve-2021-4104: investigated: false @@ -42,10 +72,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Attunity Visibility + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -61,7 +122,874 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: AutoML + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Blendr + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: C4DL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: C4DW + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '6.6.1' + - '7.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Catalog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '4.10.0' + - '4.10.1' + - '4.10.2' + - '4.11.0' + - '4.11.1' + - '4.12.0' + - '4.12.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '2021.2' + - '2021.5' + - '2021.8' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose for Data Lakes + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '6.6' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869987 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose for Data Wharehouses + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '6.6' + - '6.6.1' + - '7.0' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869990 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: GeoAnalytics Plus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '5.26.5' + - '5.27.5 - 5.28.2' + - '5.29.4 - 5.30.1' + - '5.31.1' + - '5.31.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: GeoAnalytics Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '4.19.1 - 4.27.3' + - '4.23.4' + - '4.32.3' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Nodegraph + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Nprinting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: ODBC Connector Package + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: QEM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Alerting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Catalog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'May 2021 release and after' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Data Transfer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Enterprise Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869994 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Forts + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik RepliWeb and ARC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Business + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Enterprise SaaS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik View + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Web Connectors + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Replicate + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: REST Connectors + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Salesforce and SAP Connectors + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: Connectos are not affected. + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: QMATIC product: Appointment Booking cves: From 951c85f25b868c30822602bfdd73d6aaf0e4ddd4 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 10:44:06 -0500 Subject: [PATCH 136/268] Add QNAP products --- data/cisagov_Q.yml | 109 +++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 100 insertions(+), 9 deletions(-) diff --git a/data/cisagov_Q.yml b/data/cisagov_Q.yml index 6b70c17..bfe3c24 100644 --- a/data/cisagov_Q.yml +++ b/data/cisagov_Q.yml @@ -1000,9 +1000,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.4+ - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '2.4+' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1030,9 +1030,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Cloud/Managed Service - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1060,9 +1060,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Cloud - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1111,7 +1111,67 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: QNAP - product: '' + product: QES Operating System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: Qsirch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: QTS Operating System cves: cve-2021-4104: investigated: false @@ -1119,10 +1179,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: QuTS Hero Operating System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1140,7 +1231,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: QOPPA - product: '' + product: All cves: cve-2021-4104: investigated: false From 6da80d105a969d55b9607093eebb7e549836d893 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 10:58:54 -0500 Subject: [PATCH 137/268] Add Quest products --- data/cisagov_Q.yml | 98 ++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 94 insertions(+), 4 deletions(-) diff --git a/data/cisagov_Q.yml b/data/cisagov_Q.yml index bfe3c24..b915cea 100644 --- a/data/cisagov_Q.yml +++ b/data/cisagov_Q.yml @@ -1259,8 +1259,37 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QOS.ch + product: SLF4J Simple Logging Facade for Java + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.slf4j.org/log4shell.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: QSC Q-SYS - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1289,7 +1318,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: QT - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1317,8 +1346,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Quest Global - product: '' + - vendor: Quest + product: Foglight cves: cve-2021-4104: investigated: false @@ -1326,10 +1355,71 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '5.9' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest + product: Foglight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest + product: Quest KACE SMA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From 4cd0024017779a629303133aad3bb1974c70a865 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Thu, 3 Feb 2022 16:05:36 +0000 Subject: [PATCH 138/268] Update the software list --- SOFTWARE-LIST.md | 56 ++- data/cisagov.yml | 1145 +++++++++++++++++++++++++++++++++++++++++++- data/cisagov_Q.yml | 62 +-- 3 files changed, 1204 insertions(+), 59 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 4e13419..85ae05c 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2446,17 +2446,53 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Pure Storage | PortWorx | 2.8.0+ | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Pure Storage | Pure1 | | N/A | Fixed | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Pyramid Analytics | | | | Unknown | [link](https://community.pyramidanalytics.com/t/83hjjt4/log4j-security-vulnerability-pyramid) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| QF-Test | | | | Unknown | [link](https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Qlik | | | | Unknown | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| QMATIC | Appointment Booking | 2.4+ | | Affected | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | Update to v. 2.8.2 which contains log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| QMATIC | Appointment Booking | Cloud/Managed Service | | Affected | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | log4j 2.16 applied 2021-12-15 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| QMATIC | Insights | Cloud | | Affected | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | log4j 2.16 applied 2021-12-16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Qconference | FaceTalk | | | Fixed | [link](https://qconferencing.com/status-vulnerability-log4j-en-qconferencing/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| QF-Test | All | | | Unknown | [link](https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Qlik | AIS, including ARC | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Attunity Visibility | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | AutoML | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Blendr | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | C4DL | | 6.6 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | C4DW | | 6.6, 6.6.1, 7.0 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Catalog | | 4.10.0, 4.10.1, 4.10.2, 4.11.0, 4.11.1, 4.12.0, 4.12.1 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Compose | | 2021.2, 2021.5, 2021.8 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Compose for Data Lakes | | | Not Affected | [link](https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869987) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Compose for Data Wharehouses | | | Not Affected | [link](https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | GeoAnalytics Plus | | 5.26.5, 5.27.5 - 5.28.2, 5.29.4 - 5.30.1, 5.31.1, 5.31.2 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | GeoAnalytics Server | | 4.19.1 - 4.27.3, 4.23.4, 4.32.3 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Nodegraph | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Nprinting | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | ODBC Connector Package | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | QEM | | 6.6, 7.0, 2021.5, 2021.11 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Alerting | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Catalog | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Data Transfer | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Enterprise Manager | | 6.6, 7.0, 2021.5, 2021.11 | Fixed | [link](https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869994) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Forts | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik RepliWeb and ARC | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Sense Business | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Sense Enterprise | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Sense Enterprise SaaS | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik View | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Qlik Web Connectors | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Replicate | | 6.6, 7.0, 2021.5, 2021.11 | Fixed | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | REST Connectors | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Qlik | Salesforce and SAP Connectors | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | Connectos are not affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| QMATIC | Appointment Booking | | 2.4+ | Fixed | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | Update to v. 2.8.2 which contains log4j 2.16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| QMATIC | Appointment Booking | | Cloud/Managed Service | Fixed | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | log4j 2.16 applied 2021-12-15 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| QMATIC | Insights | | Cloud | Fixed | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | log4j 2.16 applied 2021-12-16 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | QMATIC | Orchestra Central | | | Not Affected | [link](https://www.qmatic.com/meet-qmatic/news/qmatic-statement-on-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| QNAP | | | | Unknown | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| QOPPA | | | | Unknown | [link](https://kbdeveloper.qoppa.com/cve-2021-44228-apache-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| QSC Q-SYS | | | | Unknown | [link](https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| QT | | | | Unknown | [link](https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Quest Global | | | | Unknown | [link](https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QNAP | QES Operating System | | | Not Affected | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QNAP | Qsirch | | | Not Affected | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QNAP | QTS Operating System | | | Not Affected | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QNAP | QuTS Hero Operating System | | | Not Affected | [link](https://www.qnap.com/en-uk/security-advisory/qsa-21-58) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QOPPA | All | | | Unknown | [link](https://kbdeveloper.qoppa.com/cve-2021-44228-apache-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QOS.ch | SLF4J Simple Logging Facade for Java | | | Unknown | [link](https://www.slf4j.org/log4shell.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QSC Q-SYS | All | | | Unknown | [link](https://qscprod.force.com/selfhelpportal/s/article/Are-Q-SYS-products-affected-by-the-Log4j-vulnerability-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| QT | All | | | Unknown | [link](https://www.qt.io/blog/the-qt-company-products-not-affected-by-cve-2021-44228-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Quest | Foglight | | | Unknown | [link](https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Quest | Foglight | | 6.0 | Fixed | [link](https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Quest | Quest KACE SMA | | | Not Affected | [link](https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | R | R | | | Not Affected | [link](https://www.r-project.org/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | R2ediviewer | | | | Unknown | [link](https://r2ediviewer.de/DE/reload.html?Change-log_17858584.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Radware | | | | Unknown | [link](https://support.radware.com/app/answers/answer_view/a_id/1029752) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index b0e0a6d..70b0033 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -71853,8 +71853,871 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Qconference + product: FaceTalk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://qconferencing.com/status-vulnerability-log4j-en-qconferencing/ + notes: '' + references: + - '' + last_updated: '2021-12-16T07:18:50+00:00' - vendor: QF-Test - product: '' + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Qlik + product: AIS, including ARC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Attunity Visibility + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: AutoML + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Blendr + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: C4DL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: C4DW + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - 6.6.1 + - '7.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Catalog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 4.10.0 + - 4.10.1 + - 4.10.2 + - 4.11.0 + - 4.11.1 + - 4.12.0 + - 4.12.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '2021.2' + - '2021.5' + - '2021.8' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose for Data Lakes + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '6.6' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869987 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Compose for Data Wharehouses + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '6.6' + - 6.6.1 + - '7.0' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869990 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: GeoAnalytics Plus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 5.26.5 + - 5.27.5 - 5.28.2 + - 5.29.4 - 5.30.1 + - 5.31.1 + - 5.31.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: GeoAnalytics Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 4.19.1 - 4.27.3 + - 4.23.4 + - 4.32.3 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Nodegraph + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Nprinting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: ODBC Connector Package + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: QEM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Alerting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Catalog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - May 2021 release and after + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Data Transfer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Enterprise Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Knowledge/CVE-2021-44228-Handling-the-log4j-lookups-critical-vulnerability/ta-p/1869994 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Forts + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik RepliWeb and ARC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Business + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Sense Enterprise SaaS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik View + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Qlik Web Connectors cves: cve-2021-4104: investigated: false @@ -71862,10 +72725,44 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Replicate + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6' + - '7.0' + - '2021.5' + - '2021.11' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -71877,13 +72774,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: Qlik - product: '' + product: REST Connectors cves: cve-2021-4104: investigated: false @@ -71891,10 +72788,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' + - vendor: Qlik + product: Salesforce and SAP Connectors + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -71907,10 +72835,10 @@ software: unaffected_versions: [] vendor_links: - https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368 - notes: '' + notes: Connectos are not affected. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: QMATIC product: Appointment Booking cves: @@ -71921,9 +72849,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - 2.4+ - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -71951,9 +72879,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Cloud/Managed Service - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -71981,9 +72909,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Cloud - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -72032,7 +72960,67 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: QNAP - product: '' + product: QES Operating System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: Qsirch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: QTS Operating System cves: cve-2021-4104: investigated: false @@ -72040,10 +73028,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.qnap.com/en-uk/security-advisory/qsa-21-58 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QNAP + product: QuTS Hero Operating System + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -72061,7 +73080,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: QOPPA - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -72089,8 +73108,37 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: QOS.ch + product: SLF4J Simple Logging Facade for Java + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.slf4j.org/log4shell.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: QSC Q-SYS - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -72119,7 +73167,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: QT - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -72147,8 +73195,38 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Quest Global - product: '' + - vendor: Quest + product: Foglight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '5.9' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest + product: Foglight cves: cve-2021-4104: investigated: false @@ -72156,10 +73234,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.quest.com/fr-fr/search#q=CVE-2021-44228&t=Global + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Quest + product: Quest KACE SMA + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] diff --git a/data/cisagov_Q.yml b/data/cisagov_Q.yml index b915cea..5f2d36c 100644 --- a/data/cisagov_Q.yml +++ b/data/cisagov_Q.yml @@ -76,7 +76,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -106,7 +106,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -136,7 +136,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -166,7 +166,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -226,7 +226,7 @@ software: affected_versions: [] fixed_versions: - '6.6' - - '6.6.1' + - 6.6.1 - '7.0' unaffected_versions: [] cve-2021-45046: @@ -257,13 +257,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - '4.10.0' - - '4.10.1' - - '4.10.2' - - '4.11.0' - - '4.11.1' - - '4.12.0' - - '4.12.1' + - 4.10.0 + - 4.10.1 + - 4.10.2 + - 4.11.0 + - 4.11.1 + - 4.12.0 + - 4.12.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -357,7 +357,7 @@ software: fixed_versions: [] unaffected_versions: - '6.6' - - '6.6.1' + - 6.6.1 - '7.0' cve-2021-45046: investigated: false @@ -387,11 +387,11 @@ software: investigated: true affected_versions: [] fixed_versions: - - '5.26.5' - - '5.27.5 - 5.28.2' - - '5.29.4 - 5.30.1' - - '5.31.1' - - '5.31.2' + - 5.26.5 + - 5.27.5 - 5.28.2 + - 5.29.4 - 5.30.1 + - 5.31.1 + - 5.31.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -421,9 +421,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - '4.19.1 - 4.27.3' - - '4.23.4' - - '4.32.3' + - 4.19.1 - 4.27.3 + - 4.23.4 + - 4.32.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -484,7 +484,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -577,7 +577,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -607,7 +607,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'May 2021 release and after' + - May 2021 release and after cve-2021-45046: investigated: false affected_versions: [] @@ -730,7 +730,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -790,7 +790,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -850,7 +850,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -880,7 +880,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -943,7 +943,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -973,7 +973,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1002,7 +1002,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '2.4+' + - 2.4+ unaffected_versions: [] cve-2021-45046: investigated: false From 2a970b297bdf29c1070228f1b6a2b92cd5b42280 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 11:14:09 -0500 Subject: [PATCH 139/268] Add Wallix --- data/cisagov_W.yml | 39 ++++++++++++++++++++++++++++++++++----- 1 file changed, 34 insertions(+), 5 deletions(-) diff --git a/data/cisagov_W.yml b/data/cisagov_W.yml index b2629d1..ca579ee 100644 --- a/data/cisagov_W.yml +++ b/data/cisagov_W.yml @@ -14,9 +14,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.2.x < 4.8.1.3 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '4.2.x < 4.8.1.3' unaffected_versions: [] cve-2021-45046: investigated: false @@ -35,7 +35,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Wallarm - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -63,8 +63,37 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Wallix + product: Access Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.wallix.com/fr/support/alerts/ + notes: Customer Portal for patch found in advisory. This patch is available to customer only and has not been reviewed by CISA. + references: + - '' - vendor: Wasp Barcode technologies - product: '' + product: All cves: cve-2021-4104: investigated: false From 75fa37d51505ce0f29316eb1f6f88b75ba8347e2 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 11:23:00 -0500 Subject: [PATCH 140/268] Add WatchGuard products --- data/cisagov_W.yml | 215 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 213 insertions(+), 2 deletions(-) diff --git a/data/cisagov_W.yml b/data/cisagov_W.yml index ca579ee..efbf4b3 100644 --- a/data/cisagov_W.yml +++ b/data/cisagov_W.yml @@ -121,8 +121,128 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Watcher + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://twitter.com/felix_hrn/status/1470387338001977344 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: AuthPoint + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'Cloud' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Dimension + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: EDPR and Panda AD360 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: WatchGuard - product: Secplicity + product: Firebox cves: cve-2021-4104: investigated: false @@ -130,10 +250,101 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: System Manager, Dimension, and Panda AD360 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Threat Detection and Response + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Wi-Fi Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -145,7 +356,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/ + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' From 54a0b7d46baa6ae7783509ed7ec4616683f8e9ad Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 11:47:22 -0500 Subject: [PATCH 141/268] Update Wildfly, Wireshark, WitFoo, Wowza --- data/cisagov_W.yml | 83 ++++++++++++++++++++++++++++++++++------------ 1 file changed, 62 insertions(+), 21 deletions(-) diff --git a/data/cisagov_W.yml b/data/cisagov_W.yml index efbf4b3..b6b9e8b 100644 --- a/data/cisagov_W.yml +++ b/data/cisagov_W.yml @@ -400,9 +400,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.2 and prior - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '2.2 and prior' unaffected_versions: [] cve-2021-45046: investigated: false @@ -430,9 +430,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - 1.30 and prior - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -450,6 +450,42 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' + - vendor: WildFly + product: All + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '< 22' + - '> 26.0.0.Final' + - '>= 22' + - '<= 26.0.0.Beta1' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://www.wildfly.org/news/2021/12/13/Log4j-CVEs/ + notes: '' + references: + - '' + last_updated: '2022-01-21T00:00:00' - vendor: Wind River product: LTS17 cves: @@ -724,7 +760,7 @@ software: - '' last_updated: '2022-01-21T00:00:00' - vendor: WireShark - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -732,10 +768,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -747,13 +784,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://gitlab.com/wireshark/wireshark/-/issues/17783 + - https://www.wireshark.org/news/20211215.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: Wistia - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -782,7 +819,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: WitFoo - product: '' + product: Precinct cves: cve-2021-4104: investigated: false @@ -792,7 +829,8 @@ software: cve-2021-44228: investigated: false affected_versions: [] - fixed_versions: [] + fixed_versions: + - '6.x' unaffected_versions: [] cve-2021-45046: investigated: false @@ -806,12 +844,12 @@ software: unaffected_versions: [] vendor_links: - https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/ - notes: '' + notes: WitFoo Streamer & Apache Kafka Docker containers are/were vulnerable. See advisory. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: WordPress - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -819,10 +857,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -840,7 +879,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Worksphere - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -869,7 +908,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Wowza - product: '' + product: Streaming Engine cves: cve-2021-4104: investigated: false @@ -877,9 +916,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '4.7.8' + - '4.8.x' unaffected_versions: [] cve-2021-45046: investigated: false From 3919bebc36a6d038385f02855f98b21dafa7fa60 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 12:03:15 -0500 Subject: [PATCH 142/268] Add WSO2 products --- data/cisagov_W.yml | 490 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 485 insertions(+), 5 deletions(-) diff --git a/data/cisagov_W.yml b/data/cisagov_W.yml index b6b9e8b..b53f64c 100644 --- a/data/cisagov_W.yml +++ b/data/cisagov_W.yml @@ -939,7 +939,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: WSO2 - product: WSO2 Enterprise Integrator + product: API Manager cves: cve-2021-4104: investigated: false @@ -948,10 +948,40 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.1.0 and above + affected_versions: [] + fixed_versions: + - '>= 3.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: API Manager Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 2.6.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -964,8 +994,458 @@ software: unaffected_versions: [] vendor_links: - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 - notes: A temporary mitigation is available while vendor works on update + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Enterprise Integrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 6.1.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Enterprise Integrator Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 6.6.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 5.9.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 5.7.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server as Key Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 5.9.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 3.2.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.1.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator Dashboard + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 4.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator Monitoring Dashboard + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking AM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 2.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking BI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.3.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking KM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 2.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Integrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Integrator Tooling + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Processor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 4.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' ... From 391e4b4ec5fb54ae61a56c4d5de275f5b702d119 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Thu, 3 Feb 2022 17:10:07 +0000 Subject: [PATCH 143/268] Update the software list --- SOFTWARE-LIST.md | 50 ++- data/cisagov.yml | 849 ++++++++++++++++++++++++++++++++++++++++++--- data/cisagov_W.yml | 22 +- 3 files changed, 855 insertions(+), 66 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 85ae05c..93ed32f 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -3104,13 +3104,21 @@ NOTE: This file is automatically generated. To submit updates, please refer to | VMware | VMware Workspace ONE Access Connector (VMware Identity Manager Connector) | 21.x, 20.10.x, 19.03.0.1 | | Affected | [link](https://www.vmware.com/security/advisories/VMSA-2021-0028.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | | VTScada | All | | | Not Affected | [link](https://www.vtscada.com/vtscada-unaffected-by-log4j/) | Java is not utilized within VTScada software, and thus our users are unaffected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | | Vyaire | | | | Unknown | [link](https://www.vyaire.com/sites/us/files/2021-12/2021-12-15-product-security-bulletin-for-log4shell-vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| WAGO | WAGO Smart Script | 4.2.x < 4.8.1.3 | | Affected | [link](https://www.wago.com/de/automatisierungstechnik/psirt#log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Wallarm | | | | Unknown | [link](https://lab.wallarm.com/cve-2021-44228-mitigation-update/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Wasp Barcode technologies | | | | Unknown | [link](https://support.waspbarcode.com/kb/articles/assetcloud-inventorycloud-are-they-affected-by-the-java-exploit-log4j-no) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| WatchGuard | Secplicity | | | Unknown | [link](https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WAGO | WAGO Smart Script | | 4.2.x < 4.8.1.3 | Fixed | [link](https://www.wago.com/de/automatisierungstechnik/psirt#log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Wallarm | All | | | Unknown | [link](https://lab.wallarm.com/cve-2021-44228-mitigation-update/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Wasp Barcode technologies | All | | | Unknown | [link](https://support.waspbarcode.com/kb/articles/assetcloud-inventorycloud-are-they-affected-by-the-java-exploit-log4j-no) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Watcher | All | | | Not Affected | [link](https://twitter.com/felix_hrn/status/1470387338001977344) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | AuthPoint | | Cloud | Fixed | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | Dimension | | | Not Affected | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | EDPR and Panda AD360 | | | Not Affected | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | Firebox | | | Not Affected | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | System Manager, Dimension, and Panda AD360 | | | Not Affected | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | Threat Detection and Response | | Cloud | Fixed | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WatchGuard | Wi-Fi Cloud | | Cloud | Fixed | [link](https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Western Digital | | | | Unknown | [link](https://www.westerndigital.com/support/product-security/wdc-21016-apache-log4j-2-remote-code-execution-vulnerability-analysis) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| WIBU Systems | CodeMeter Cloud Lite | 2.2 and prior | | Affected | [link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| WIBU Systems | CodeMeter Keyring for TIA Portal | 1.30 and prior | | Affected | [link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | Only the Password Manager is affected | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| WIBU Systems | CodeMeter Cloud Lite | | 2.2 and prior | Fixed | [link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| WIBU Systems | CodeMeter Keyring for TIA Portal | | 1.30 and prior | Fixed | [link](https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/Advisory_WIBU-211213-01.pdf) | Only the Password Manager is affected | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| WildFly | All | | | Not Affected | [link](https://www.wildfly.org/news/2021/12/13/Log4j-CVEs/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | | Wind River | LTS17 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | | Wind River | LTS18 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | | Wind River | LTS19 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | @@ -3119,13 +3127,29 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Wind River | WRL-7 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | | Wind River | WRL-8 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | | Wind River | WRL-9 | | | Not Affected | [link](https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-21 | -| WireShark | | | | Unknown | [link](https://gitlab.com/wireshark/wireshark/-/issues/17783) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Wistia | | | | Unknown | [link](https://status.wistia.com/incidents/jtg0dfl5l224) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| WitFoo | | | | Unknown | [link](https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| WordPress | | | | Unknown | [link](https://wordpress.org/support/topic/is-the-log4j-vulnerability-an-issue/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Worksphere | | | | Unknown | [link](https://www.worksphere.com/product/security-update-on-log4j-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Wowza | | | | Unknown | [link](https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| WSO2 | WSO2 Enterprise Integrator | 6.1.0 and above | | Affected | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WireShark | All | | | Not Affected | [link](https://www.wireshark.org/news/20211215.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Wistia | All | | | Unknown | [link](https://status.wistia.com/incidents/jtg0dfl5l224) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WitFoo | Precinct | | 6.x | Fixed | [link](https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/) | WitFoo Streamer & Apache Kafka Docker containers are/were vulnerable. See advisory. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WordPress | All | | | Not Affected | [link](https://wordpress.org/support/topic/is-the-log4j-vulnerability-an-issue/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Worksphere | All | | | Unknown | [link](https://www.worksphere.com/product/security-update-on-log4j-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Wowza | Streaming Engine | | 4.7.8, 4.8.x | Fixed | [link](https://www.wowza.com/docs/known-issues-with-wowza-streaming-engine#log4j2-cve) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| WSO2 | API Manager | | >= 3.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | API Manager Analytics | | >= 2.6.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Enterprise Integrator | | >= 6.1.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Enterprise Integrator Analytics | | >= 6.6.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Identity Server | | >= 5.9.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Identity Server Analytics | | >= 5.7.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Identity Server as Key Manager | | >= 5.9.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Micro Gateway | | >= 3.2.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Micro Integrator | | >= 1.1.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Micro Integrator Dashboard | | >= 4.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Micro Integrator Monitoring Dashboard | | >= 1.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Open Banking AM | | >= 2.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Open Banking BI | | >= 1.3.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Open Banking KM | | >= 2.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Stream Integrator | | >= 1.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Stream Integrator Tooling | | >= 1.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| WSO2 | Stream Processor | | >= 4.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | | XCP-ng | | | | Unknown | [link](https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | XenForo | | | | Unknown | [link](https://xenforo.com/community/threads/psa-potential-security-vulnerability-in-elasticsearch-5-via-apache-log4j-log4shell.201145/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Xerox | | | | Unknown | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2021/12/Xerox-Special-Bulletin-XRX21-021-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.6.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 70b0033..e2d8bd9 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -91557,9 +91557,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - 4.2.x < 4.8.1.3 - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -91578,7 +91578,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Wallarm - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -91606,8 +91606,38 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Wallix + product: Access Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.wallix.com/fr/support/alerts/ + notes: Customer Portal for patch found in advisory. This patch is available to + customer only and has not been reviewed by CISA. + references: + - '' - vendor: Wasp Barcode technologies - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -91635,8 +91665,188 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Watcher + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://twitter.com/felix_hrn/status/1470387338001977344 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: AuthPoint + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Dimension + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: EDPR and Panda AD360 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Firebox + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: System Manager, Dimension, and Panda AD360 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: WatchGuard - product: Secplicity + product: Threat Detection and Response cves: cve-2021-4104: investigated: false @@ -91644,10 +91854,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: WatchGuard + product: Wi-Fi Cloud + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -91659,7 +91900,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.secplicity.org/2021/12/10/critical-rce-vulnerability-in-log4js/ + - https://techsearch.watchguard.com/KB?type=Security%20Issues&SFDCID=kA16S000000SNnuSAG&lang=en_US notes: '' references: - '' @@ -91703,9 +91944,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - 2.2 and prior - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -91733,9 +91974,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - 1.30 and prior - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -91753,8 +91994,8 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Wind River - product: LTS17 + - vendor: WildFly + product: All cves: cve-2021-4104: investigated: true @@ -91767,7 +92008,10 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - < 22 + - '> 26.0.0.Final' + - '>= 22' + - <= 26.0.0.Beta1 cve-2021-45046: investigated: true affected_versions: [] @@ -91781,13 +92025,13 @@ software: unaffected_versions: - All vendor_links: - - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + - https://www.wildfly.org/news/2021/12/13/Log4j-CVEs/ notes: '' references: - '' last_updated: '2022-01-21T00:00:00' - vendor: Wind River - product: LTS18 + product: LTS17 cves: cve-2021-4104: investigated: true @@ -91820,7 +92064,7 @@ software: - '' last_updated: '2022-01-21T00:00:00' - vendor: Wind River - product: LTS19 + product: LTS18 cves: cve-2021-4104: investigated: true @@ -91853,7 +92097,7 @@ software: - '' last_updated: '2022-01-21T00:00:00' - vendor: Wind River - product: LTS21 + product: LTS19 cves: cve-2021-4104: investigated: true @@ -91884,9 +92128,9 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2022-01-21T00:00:00' - vendor: Wind River - product: WRL-6 + product: LTS21 cves: cve-2021-4104: investigated: true @@ -91914,9 +92158,42 @@ software: - All vendor_links: - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 - notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 - and JMSAppender components, however, JMSAppender is deactivated in the release - package and not affected by CVE-2021-4104 customers are advised to NOT manually + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Wind River + product: WRL-6 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 + and JMSAppender components, however, JMSAppender is deactivated in the release + package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. references: - '' @@ -92027,7 +92304,7 @@ software: - '' last_updated: '2022-01-21T00:00:00' - vendor: WireShark - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -92035,10 +92312,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -92050,13 +92328,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://gitlab.com/wireshark/wireshark/-/issues/17783 + - https://www.wireshark.org/news/20211215.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: Wistia - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -92085,7 +92363,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: WitFoo - product: '' + product: Precinct cves: cve-2021-4104: investigated: false @@ -92095,7 +92373,8 @@ software: cve-2021-44228: investigated: false affected_versions: [] - fixed_versions: [] + fixed_versions: + - 6.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -92109,12 +92388,13 @@ software: unaffected_versions: [] vendor_links: - https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/ - notes: '' + notes: WitFoo Streamer & Apache Kafka Docker containers are/were vulnerable. See + advisory. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: WordPress - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -92122,10 +92402,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -92143,7 +92424,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Worksphere - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -92172,7 +92453,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Wowza - product: '' + product: Streaming Engine cves: cve-2021-4104: investigated: false @@ -92180,9 +92461,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.7.8 + - 4.8.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -92201,7 +92484,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: WSO2 - product: WSO2 Enterprise Integrator + product: API Manager cves: cve-2021-4104: investigated: false @@ -92210,10 +92493,40 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.1.0 and above + affected_versions: [] + fixed_versions: + - '>= 3.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: API Manager Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 2.6.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -92226,10 +92539,460 @@ software: unaffected_versions: [] vendor_links: - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 - notes: A temporary mitigation is available while vendor works on update + notes: A temporary mitigation is available while vendor works on update. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Enterprise Integrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 6.1.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Enterprise Integrator Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 6.6.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 5.9.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 5.7.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Identity Server as Key Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 5.9.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 3.2.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.1.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator Dashboard + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 4.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Micro Integrator Monitoring Dashboard + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking AM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 2.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking BI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.3.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Open Banking KM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 2.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Integrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Integrator Tooling + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 1.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: WSO2 + product: Stream Processor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>= 4.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.wso2.com/pages/viewpage.action?pageId=180948677 + notes: A temporary mitigation is available while vendor works on update. + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' - vendor: XCP-ng product: '' cves: diff --git a/data/cisagov_W.yml b/data/cisagov_W.yml index b53f64c..74a2c36 100644 --- a/data/cisagov_W.yml +++ b/data/cisagov_W.yml @@ -16,7 +16,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '4.2.x < 4.8.1.3' + - 4.2.x < 4.8.1.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -89,7 +89,8 @@ software: unaffected_versions: [] vendor_links: - https://www.wallix.com/fr/support/alerts/ - notes: Customer Portal for patch found in advisory. This patch is available to customer only and has not been reviewed by CISA. + notes: Customer Portal for patch found in advisory. This patch is available to + customer only and has not been reviewed by CISA. references: - '' - vendor: Wasp Barcode technologies @@ -163,7 +164,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'Cloud' + - Cloud unaffected_versions: [] cve-2021-45046: investigated: false @@ -402,7 +403,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '2.2 and prior' + - 2.2 and prior unaffected_versions: [] cve-2021-45046: investigated: false @@ -464,10 +465,10 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '< 22' + - < 22 - '> 26.0.0.Final' - '>= 22' - - '<= 26.0.0.Beta1' + - <= 26.0.0.Beta1 cve-2021-45046: investigated: true affected_versions: [] @@ -830,7 +831,7 @@ software: investigated: false affected_versions: [] fixed_versions: - - '6.x' + - 6.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -844,7 +845,8 @@ software: unaffected_versions: [] vendor_links: - https://www.witfoo.com/blog/emergency-update-for-cve-2021-44228-log4j/ - notes: WitFoo Streamer & Apache Kafka Docker containers are/were vulnerable. See advisory. + notes: WitFoo Streamer & Apache Kafka Docker containers are/were vulnerable. See + advisory. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -919,8 +921,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - '4.7.8' - - '4.8.x' + - 4.7.8 + - 4.8.x unaffected_versions: [] cve-2021-45046: investigated: false From f9cb625c7d030bc65344a03f5d8aea5732a09e90 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 12:37:44 -0500 Subject: [PATCH 144/268] Update Dell to Storage Analytics --- data/cisagov_D.yml | 111 ++++++++++++++++++++++++--------------------- 1 file changed, 60 insertions(+), 51 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index df05ebd..ed70ff1 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -1906,7 +1906,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: 'Versions prior to 11.5(1x)' fixed_versions: [] @@ -1927,7 +1927,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: Patch expected by 12/23/21. references: - - 'https://www.dell.com/support/kbdoc/en-us/000194797/dsa-2021-302-dell-connectrix-mds-dcnm-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228' + - '[DSA-2021-302](https://www.dell.com/support/kbdoc/en-us/000194797/dsa-2021-302-dell-connectrix-mds-dcnm-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Connectrix B-Series SANnav @@ -1957,7 +1957,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: Patch expected by 2/28/2022. references: - - 'https://www.dell.com/support/kbdoc/en-us/000194461/dsa-2021-266-dell-emc-connectrix-b-series-sannav-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228' + - '[DSA-2021-266](https://www.dell.com/support/kbdoc/en-us/000194461/dsa-2021-266-dell-emc-connectrix-b-series-sannav-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Connextrix B Series @@ -2060,7 +2060,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Versions from 7.3.0.5 to 7.7.0.6 + - 'Versions from 7.3.0.5 to 7.7.0.6' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2077,7 +2077,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-274 references: - - 'https://www.dell.com/support/kbdoc/en-us/000194503/dsa-2021-274-dell-emc-data-domain-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228' + - '[DSA-2021-274](https://www.dell.com/support/kbdoc/en-us/000194503/dsa-2021-274-dell-emc-data-domain-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell BSAFE Crypto-C Micro Edition @@ -2902,7 +2902,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2951,7 +2951,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: Patch expected by 12/20/21. references: - - 'https://www.dell.com/support/kbdoc/en-us/000194480/dsa-2021-277-dell-emc-avamar-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228' + - '[DSA-2021-277](https://www.dell.com/support/kbdoc/en-us/000194480/dsa-2021-277-dell-emc-avamar-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC BSN Controller Node @@ -2962,7 +2962,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: - '' @@ -2981,7 +2981,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-305 references: - - 'https://www.dell.com/support/kbdoc/en-us/000194631/dsa-2021-305-dell-emc-bsn-controller-node-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228' + - '[DSA-2021-305](https://www.dell.com/support/kbdoc/en-us/000194631/dsa-2021-305-dell-emc-bsn-controller-node-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Cloud Disaster Recovery @@ -3011,7 +3011,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: Patch pending references: - - 'https://www.dell.com/support/kbdoc/en-us/000194663/dsa-2021-289-dell-emc-cloud-disaster-recovery-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-and-cve-2021-45046' + - '[DSA-2021-289](https://www.dell.com/support/kbdoc/en-us/000194663/dsa-2021-289-dell-emc-cloud-disaster-recovery-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-and-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Cloudboost @@ -3144,9 +3144,16 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '18.x (or earlier) -standalone DPA is EOSL' + - '18.2.x (IDPA)' + - '19.1.x' + - '19.2.x' + - '19.3.x' + - '19.4.x' + - '19.5.x' + - '19.6.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3161,7 +3168,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - - '' + - '[DSA-2021-309](https://www.dell.com/support/kbdoc/en-us/000194651/dsa-2021-309-dell-emc-dpa-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Data Protection Central @@ -3172,9 +3179,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '18.2.x-19.4.x' + - '19.5.0-19.5.0.7' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3188,9 +3197,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021- 269 + notes: See DSA-2021-269 references: - - '' + - '[DSA-2021-269](https://www.dell.com/support/kbdoc/en-us/000194557/dsa-2021-269-dell-emc-data-protection-central-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Data Protection Search @@ -3203,7 +3212,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Versions before 19.5.0.7 + - 'Versions before 19.6' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3220,7 +3229,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-279 references: - - '' + - '[DSA-2021-279](https://www.dell.com/support/kbdoc/en-us/000194629/dsa-2021-279-dell-emc-data-protection-search-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC DataIQ @@ -3235,7 +3244,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3265,7 +3274,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3282,35 +3291,6 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell EMC ECS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/18/21 - references: - - '' - last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Enterprise Storage Analytics for vRealize Operations cves: @@ -5920,6 +5900,35 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: ECS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch expected by 12/18/21 + references: + - '' + last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Embedded NAS cves: From 2f15a136a76c72ec4b0fd871f5bcfae62d098d87 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 12:54:51 -0500 Subject: [PATCH 145/268] Update Dell to Ansible Modules --- data/cisagov_D.yml | 55 ++++++++++++++++++++++++---------------------- 1 file changed, 29 insertions(+), 26 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index ed70ff1..ef2535c 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -3302,7 +3302,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"<6.0.0 6.1.0 6.2.x"' + - '<6.0.0' + - '6.1.0' + - '6.2.x' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3319,7 +3321,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-278 references: - - '' + - '[DSA-2021-278](https://www.dell.com/support/kbdoc/en-us/000194488/dsa-2021-278)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC GeoDrive @@ -3334,7 +3336,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3362,7 +3364,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - N/A + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3377,13 +3379,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '"Dell EMC Integrated System for Azure Stack HCI is not impacted by this + notes: Dell EMC Integrated System for Azure Stack HCI is not impacted by this advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect Gateway (SCG) were optionally installed with Dell EMC Integrated System for - Azure Stack HCI monitor the following advisories. Apply workaround guidance - and remediations as they become [available:](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + Azure Stack HCI monitor the following advisories. See DSA-2021-307. references: - - '' + - '[DSA-2021-307](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Integrated System for Microsoft Azure Stack Hub @@ -3396,7 +3397,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - N/A + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3411,7 +3412,7 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: Patch expected by 2022-01-31. references: - '' last_updated: '2021-12-15T00:00:00' @@ -3428,7 +3429,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3458,7 +3459,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3486,7 +3487,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 7.0.x + - 'Versions before 7.0.1 P2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3503,10 +3504,10 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-308 references: - - '' + - '[DSA-2021-308](https://www.dell.com/support/kbdoc/en-us/000194630/dsa-2021)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC NetWorker Server + product: Dell EMC NetWorker cves: cve-2021-4104: investigated: false @@ -3516,7 +3517,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"19.5.x 19.4.x 19.3.x"' + - '19.4.x' + - '19.5.x' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3533,10 +3535,10 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: Patch expected by 12/20/21 references: - - '' + - '[DSA-2021-280](https://www.dell.com/support/kbdoc/en-us/000194541/dsa-2021-280-dell-emc-networker-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC NetWorker Virtual Edition + product: Dell EMC NetWorker VE cves: cve-2021-4104: investigated: false @@ -3546,7 +3548,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"19.5.x 19.4.x 19.3.x"' + - '19.4.x' + - '19.5.x' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3563,7 +3566,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: Patch expected by 12/20/21 references: - - '' + - '[DSA-2021-280](https://www.dell.com/support/kbdoc/en-us/000194541/dsa-2021-280-dell-emc-networker-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Networking Onie @@ -3578,7 +3581,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3605,10 +3608,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"with Versa Concerto with Versa Analytics with Versa Concero Director"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3621,7 +3624,7 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-304 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' @@ -3638,7 +3641,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] From 70aae6a92bc9e70746d584ddd293effeb30e81fc Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 13:19:55 -0500 Subject: [PATCH 146/268] Update Dell through Powerflex Alliance --- data/cisagov_D.yml | 98 ++++++++++++++++++++++++++++++---------------- 1 file changed, 64 insertions(+), 34 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index ef2535c..87f385c 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -3658,6 +3658,66 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell OpenManage Enterprise Modular + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'Versions before 1.40.10' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-268 + references: + - '[DSA-2021-268](https://www.dell.com/support/kbdoc/en-us/000194625/dsa-2021-268-dell-emc-openmanage-enterprise-modular-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC OpenManage Enterprise Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'Version 1.2 and earlier' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Patch expected by 12/20/21 + references: + - '[DSA-2021-276](https://www.dell.com/support/kbdoc/en-us/000194652/dsa-2021-276-dell-emc-openmanage-enterprise-services-security-update-for-apache-log4j-remote-code-execution-vulnerabilities-cve-2021-44228-cve-2021-45046)' + last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC OpenManage integration for Splunk cves: @@ -3671,7 +3731,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3701,7 +3761,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3731,7 +3791,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3762,7 +3822,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5094,36 +5154,6 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell Open Management Enterprise - Modular - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - <1.40.10 - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-268 - references: - - '' - last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell OpenManage Change Management cves: From ac0bbc41e45ad55b98921e715518dc61d6f4ff09 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 13:22:40 -0500 Subject: [PATCH 147/268] Remove EMC Enterprise Services duplicate --- data/cisagov_D.yml | 29 ----------------------------- 1 file changed, 29 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 87f385c..3562bd5 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -5814,35 +5814,6 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: DellEMC OpenManage Enterprise Services - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 - references: - - '' - last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dream Catcher cves: From c7d20ebfded0f033eb8a16eb9094c7512aae386d Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 13:59:51 -0500 Subject: [PATCH 148/268] Update Dell products through EMC PowerShell --- data/cisagov_D.yml | 133 ++++++++++++++++++++++++--------------------- 1 file changed, 72 insertions(+), 61 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 3562bd5..9a081de 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -3658,6 +3658,36 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell OpenManage Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'Versions before 3.8.2' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-275 + references: + - '[DSA-2021-275](https://www.dell.com/support/kbdoc/en-us/000194638/dsa-2021-275-dell-emc-openmanage-enterprise-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell OpenManage Enterprise Modular cves: @@ -3850,8 +3880,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"All versions up to Intelligent Catalog 38_356_00_r10.zip All versions - up to Intelligent Catalog 38_362_00_r7.zip"' + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3866,9 +3895,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-293. references: - - '' + - '[DSA-2021-293](https://www.dell.com/support/kbdoc/en-us/000194579/dsa-2021-293-dell-powerflex-appliance-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC PowerFlex Rack @@ -3881,7 +3910,10 @@ software: cve-2021-44228: investigated: true affected_versions: - - N/A + - 'RCM 3.3 train - all versions up to 3.3.11.0' + - 'RCM 3.4 train - all versions up to 3.4.6.0' + - 'RCM 3.5 train - all versions up to 3.5.6.0' + - 'RCM 3.6 train - all versions up to 3.6.2.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3896,9 +3928,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-292. references: - - '' + - '[DSA-2021-292](https://www.dell.com/support/kbdoc/en-us/000194578/dsa-2021-292-dell-powerflex-rack-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC PowerFlex Software (SDS) @@ -3911,7 +3943,15 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"3.5 3.5.1 3.5.1.1 3.5.1.2 3.5.1.3 3.5.1.4 3.6 3.6.0.1 3.6.0.2"' + - '3.5' + - '3.5.1' + - '3.5.1.1' + - '3.5.1.2' + - '3.5.1.3' + - '3.5.1.4' + - '3.6' + - '3.6.0.1' + - '3.6.0.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3926,9 +3966,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-272. references: - - '' + - '[DSA-2021-272](https://www.dell.com/support/kbdoc/en-us/000194548/dsa-2021-272-dell-powerflex-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC PowerPath @@ -3943,7 +3983,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3973,7 +4013,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4003,7 +4043,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4031,7 +4071,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - All versions 19.9 and earlier + - 'All versions 19.9 and earlier' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4046,9 +4086,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-286. references: - - '' + - '[DSA-2021-286](https://www.dell.com/support/kbdoc/en-us/000194549/dsa-2021-286-dell-emc-power-protect-data-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC PowerProtect DP Series Appliance (iDPA) @@ -4061,7 +4101,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 2.7.0 and earlier + - '2.7.0 and earlier' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4076,9 +4116,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA 2021-285. references: - - '' + - '[DSA-2021-285](https://www.dell.com/support/kbdoc/en-us/000194532/dsa-2021-285-dell-emc-integrated-data-protection-appliance-powerprotect-dp-series-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC PowerScale OneFS @@ -4093,7 +4133,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4123,7 +4163,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4153,7 +4193,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4183,7 +4223,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4209,8 +4249,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 'Versions before 2.0.1.3-1538564' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4225,9 +4266,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: See DSA-2021-295. references: - - '' + - '[DSA-2021-295](https://www.dell.com/support/kbdoc/en-us/000194739/dsa-2021-295-dell-emc-powerstore-family-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-and-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC PowerVault MD3 Series Storage Arrays @@ -4242,7 +4283,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5095,7 +5136,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Manage Mobile + product: Dell OpenManage Mobile cves: cve-2021-4104: investigated: false @@ -5125,7 +5166,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Manage Server Administrator + product: Dell OpenManage Server Administrator cves: cve-2021-4104: investigated: false @@ -6773,37 +6814,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Enterprise - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: OpenManage Integration for Microsoft System Center for System Center - Operations Manager + product: OpenManage Integration for Microsoft System Center for System Center Operations Manager cves: cve-2021-4104: investigated: false From f5f56dfe7dca81e44c98c443220b2237ba841219 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 14:04:05 -0500 Subject: [PATCH 149/268] Fix trailing whitespace in versions --- data/cisagov_D.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 9a081de..1f45e5e 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -3946,9 +3946,9 @@ software: - '3.5' - '3.5.1' - '3.5.1.1' - - '3.5.1.2' - - '3.5.1.3' - - '3.5.1.4' + - '3.5.1.2' + - '3.5.1.3' + - '3.5.1.4' - '3.6' - '3.6.0.1' - '3.6.0.2' From 09c0725de1499cef357dcbee0558bffc862aa333 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 14:53:40 -0500 Subject: [PATCH 150/268] Add/Update through DUP --- data/cisagov_D.yml | 299 ++++++++++++++++++++++++++++++++------------- 1 file changed, 215 insertions(+), 84 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 1f45e5e..d1a7da5 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -4271,7 +4271,7 @@ software: - '[DSA-2021-295](https://www.dell.com/support/kbdoc/en-us/000194739/dsa-2021-295-dell-emc-powerstore-family-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-and-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerVault MD3 Series Storage Arrays + product: Dell EMC PowerSwitch Z9264F-ON BMC cves: cve-2021-4104: investigated: false @@ -4301,7 +4301,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerVault ME4 Series Storage Arrays + product: Dell EMC PowerSwitch Z9432F-ON BMC cves: cve-2021-4104: investigated: false @@ -4313,7 +4313,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4331,7 +4331,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC RecoverPoint Classic + product: Dell EMC PowerVault ME4 Series Storage Arrays cves: cve-2021-4104: investigated: false @@ -4340,10 +4340,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All 5.1.x and later versions + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4356,12 +4356,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC RecoverPoint for Virtual Machine + product: Dell EMC RecoverPoint cves: cve-2021-4104: investigated: false @@ -4371,7 +4371,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - All 5.0.x and later versions + - 'All' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4386,9 +4386,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA 2021-284. references: - - '' + - '[DSA 2021-284](https://www.dell.com/support/kbdoc/en-us/000194531/dsa-2021-284-dell-emc-recoverpoint-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Repository Manager (DRM) @@ -4403,7 +4403,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4429,9 +4429,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4447,7 +4448,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-303 references: - - '' + - '[DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Ruckus SmartZone 300 Controller @@ -4458,9 +4459,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4476,7 +4478,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-303 references: - - '' + - '[DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Ruckus Virtual Software @@ -4487,9 +4489,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4505,7 +4508,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-303 references: - - '' + - '[DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC SourceOne @@ -4520,7 +4523,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4538,7 +4541,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC SRM vApp + product: Dell EMC SRM cves: cve-2021-4104: investigated: false @@ -4547,9 +4550,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions before 4.6.0.2 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 'Versions before 4.6.0.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4563,9 +4566,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 1/25/2022 + notes: See DSA-2021-301. references: - - '' + - '[DSA-2021-301](https://www.dell.com/support/kbdoc/en-us/000194613/dsa-2021-301)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Streaming Data Platform @@ -4576,8 +4579,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '1.1' + - '1.2' + - '1.2 HF1' + - '1.3' + - '1.3.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4592,9 +4600,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/18/21 + notes: See DSA-2021-297. references: - - '' + - '[DSA-2021-297](https://www.dell.com/support/kbdoc/en-us/000194627/dsa-2021-297-dell-emc-streaming-data-platform-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Systems Update (DSU) @@ -4609,7 +4617,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4639,7 +4647,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4665,9 +4673,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -4681,9 +4690,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/29/21 + notes: See DSA-2021-294. references: - - '' + - '[DSA-2021-294](https://www.dell.com/support/kbdoc/en-us/000194826/dsa-2021-294-dell-emc-unity-dell-emc-unityvsa-and-dell-emc-unity-xt-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC Virtual Storage Integrator @@ -4698,7 +4707,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4728,7 +4737,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4745,6 +4754,36 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC vProtect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '19.5-19.9' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2022-007. + references: + - '[DSA-2022-007](https://www.dell.com/support/kbdoc/en-us/000195003/title-dsa-2022-007-dell-emc-vprotect-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046)' + last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC VxRail cves: @@ -4756,7 +4795,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"4.5.x 4.7.x 7.0.x"' + - '4.5.x' + - '4.7.x' + - '7.0.x' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4771,9 +4812,39 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-265. references: - - '' + - '[DSA-2021-265](https://www.dell.com/support/kbdoc/en-us/000194466/dsa-2021-265-dell-emc-vxrail-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell EMC XC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-311. + references: + - '[DSA-2021-311](https://www.dell.com/support/kbdoc/en-us/000194822/dsa-2021-311-dell-emc-xc-series-and-core-appliance-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC XtremIO @@ -4788,7 +4859,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4818,7 +4889,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4848,7 +4919,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4878,7 +4949,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4908,7 +4979,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4938,7 +5009,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4968,7 +5039,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4998,7 +5069,37 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell Memory Solutions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5028,7 +5129,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5058,7 +5159,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5088,7 +5189,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5118,7 +5219,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5148,7 +5249,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5178,7 +5279,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5208,7 +5309,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5226,7 +5327,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OpenManage Enterprise Power Manager Plugin + product: Dell OpenManage Enterprise Power Manager plugin cves: cve-2021-4104: investigated: false @@ -5238,7 +5339,37 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell OpenManage Enterprise CloudIQ plugin + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5268,7 +5399,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5298,7 +5429,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5328,7 +5459,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5358,7 +5489,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5388,7 +5519,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5418,7 +5549,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5448,7 +5579,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5478,7 +5609,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5508,7 +5639,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5538,7 +5669,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5568,7 +5699,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5598,7 +5729,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5628,7 +5759,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5658,7 +5789,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5688,7 +5819,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5718,7 +5849,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5748,7 +5879,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5778,7 +5909,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5808,7 +5939,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5838,7 +5969,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5868,7 +5999,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5898,7 +6029,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5928,7 +6059,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] From 12d381b5426114e8a5bb2fab543026a1974ec875 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 14:57:41 -0500 Subject: [PATCH 151/268] Fix trailing whitespace --- data/cisagov_D.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index d1a7da5..3a3e7a4 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -4581,7 +4581,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '1.1' + - '1.1' - '1.2' - '1.2 HF1' - '1.3' From 74c0f645adcb3a0bc8ed5196bdc74f76db5c4c45 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 15:13:12 -0500 Subject: [PATCH 152/268] Update to Dell Secure Connect --- data/cisagov_D.yml | 295 ++++++++++++++++++++++++++++++++++++--------- 1 file changed, 241 insertions(+), 54 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 3a3e7a4..c66647c 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -6085,9 +6085,15 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '3.3.x' + - '3.4.x' + - '3.5.x' + - '3.6.0.x' + - '3.6.1.x' + - '3.6.2.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -6101,9 +6107,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/18/21 + notes: See DSA-2021-273. references: - - '' + - '[DSA-2021-273](https://www.dell.com/support/kbdoc/en-us/000194612/dsa-2021-273-dell-emc-ecs-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Embedded NAS @@ -6118,7 +6124,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6148,7 +6154,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6174,10 +6180,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6190,9 +6197,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '[link](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + notes: See DSA-2021-270. references: - - '' + - '[DSA-2021-270](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Equallogic PS @@ -6207,7 +6214,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6237,7 +6244,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6267,7 +6274,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6297,7 +6304,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6327,7 +6334,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6357,7 +6364,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6387,7 +6394,37 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: ISG Drive & Storage Media + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6417,7 +6454,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6447,7 +6484,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6477,7 +6514,37 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: MDS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6507,7 +6574,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6537,7 +6604,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6567,7 +6634,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6597,7 +6664,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6627,7 +6694,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6657,7 +6724,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6675,7 +6742,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking OS 10 + product: Networking OS 9 cves: cve-2021-4104: investigated: false @@ -6687,7 +6754,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6705,7 +6772,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking OS9 + product: Networking OS 10 cves: cve-2021-4104: investigated: false @@ -6717,7 +6784,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6747,7 +6814,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6777,7 +6844,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6807,7 +6874,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6837,7 +6904,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6867,7 +6934,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6897,7 +6964,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6927,7 +6994,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6957,7 +7024,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -6987,7 +7054,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7017,7 +7084,37 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: OpenManage Power Center + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7047,7 +7144,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7077,7 +7174,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7107,7 +7204,37 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerEdge Accelerator Solutions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7137,7 +7264,37 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerEdge Networking Solutions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7167,7 +7324,37 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: PowerEdge RAID Controller Solutions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7197,7 +7384,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7227,7 +7414,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7257,7 +7444,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7287,7 +7474,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7317,7 +7504,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7347,7 +7534,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7377,7 +7564,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7407,7 +7594,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7437,7 +7624,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] From b8e8b9b3644ccc62f66a09196ab1055063dc8c0c Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 15:45:34 -0500 Subject: [PATCH 153/268] Finish update Dell products --- data/cisagov_D.yml | 246 ++++++++++++++++++++++++++------------------- 1 file changed, 143 insertions(+), 103 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index c66647c..a93b7dc 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -7669,10 +7669,10 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-282 references: - - '' + - '[]' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Secure Connect Gateway (SCG) Policy Manager + product: Secure Connect Gateway (SCG) Appliance cves: cve-2021-4104: investigated: false @@ -7681,10 +7681,41 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"5.00.00.10 5.00.05.10"' + affected_versions: [] + fixed_versions: + - '5.00.00, 5.00.05, and 4.0.06 and earlier versions (OVF and VHD)' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-282 + references: + - '[DSA-2021-282](https://www.dell.com/support/kbdoc/en-us/000194624/dsa-2021-282-dell-emc-secure-connect-gateway-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Secure Connect Gateway (SCG) Policy Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '5.00.00.10' + - '5.00.05.10' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -7699,7 +7730,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-281 references: - - '' + - '[DSA-2021-281](https://www.dell.com/support/kbdoc/en-us/000194539/dsa-2021-281-dell-emc-policy-manager-for-secure-connect-gateway-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Server Storage @@ -7714,7 +7745,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7744,7 +7775,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7774,7 +7805,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7804,7 +7835,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7834,7 +7865,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7864,7 +7895,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7894,7 +7925,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7924,7 +7955,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7951,9 +7982,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '7' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '7.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -7967,9 +7998,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-287. references: - - '' + - '[DSA-2021-287](https://www.dell.com/support/kbdoc/en-us/000194544/dsa-2021-287-dell-emc-srs-policy-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: SRS VE @@ -7984,7 +8015,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8010,8 +8041,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '16.x' + - '17.x' + - '18.x' + - '19.x' + - '20.1.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8026,9 +8062,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-310. references: - - '' + - '[DSA-2021-310](https://www.dell.com/support/kbdoc/en-us/000194790/dsa-2021-310-storage-center-dell-storage-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Storage Center OS and additional SC applications unless otherwise noted @@ -8043,7 +8079,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8073,7 +8109,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8103,7 +8139,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8129,8 +8165,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '2.0.70 and earlier' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8145,9 +8182,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: See DSA-2021-283. references: - - '' + - '[DSA-2021-283](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: UCC Edge @@ -8162,7 +8199,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8188,9 +8225,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'Versions before 4.0 SP 9.2 (4.0.9.1541235)' unaffected_versions: [] cve-2021-45046: investigated: false @@ -8204,9 +8242,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 1/10/2022 + notes: See DSA-2021-296. references: - - '' + - '[DSA-2021-296](https://www.dell.com/support/kbdoc/en-us/000194874/dsa-2021-296-dell-emc-unisphere-central-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Unisphere for PowerMax @@ -8221,7 +8259,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8251,7 +8289,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8281,7 +8319,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8311,7 +8349,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8341,7 +8379,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8367,8 +8405,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8383,9 +8422,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending See vce6771 (requires customer login) + notes: Patch pending See vce6771 (requires customer login). This advisory is available to customer only and has not been reviewed by CISA. references: - - '' + - '[vce6771](https://support-dellemc-com.secure.force.com/)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: ViPR Controller @@ -8400,7 +8439,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8428,7 +8467,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"8.2 8.3 8.4 8.5 and 8.6"' + - '8.2 8.3 8.4 8.5 and 8.6' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8458,7 +8497,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"8.2 8.3 8.4 8.5 and 8.6"' + - '8.2 8.3 8.4 8.5 and 8.6' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8478,7 +8517,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNX1 + product: VNX Control Station cves: cve-2021-4104: investigated: false @@ -8490,7 +8529,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8508,7 +8547,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNX2 + product: VNX1 cves: cve-2021-4104: investigated: false @@ -8520,7 +8559,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8538,7 +8577,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNXe 1600 + product: VNX2 cves: cve-2021-4104: investigated: false @@ -8547,10 +8586,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions 3.1.16.10220572 and earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8563,12 +8602,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNXe 3200 + product: VNXe 1600 cves: cve-2021-4104: investigated: false @@ -8577,9 +8616,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 3.1.15.10216415 and earlier - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 'Versions 3.1.16.10220572 and earlier' unaffected_versions: [] cve-2021-45046: investigated: false @@ -8593,12 +8632,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: See DSA-2021-299 references: - - '' + - '[DSA-2021-299](https://www.dell.com/support/kbdoc/en-us/000194605/dsa-2021-299-dell-emc-vnxe1600-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228?lang=en)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VPLEX VS2/VS6 / VPLEX Witness + product: VNXe 3200 cves: cve-2021-4104: investigated: false @@ -8608,9 +8647,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - 'Version 3.1.15.10216415 and earlier' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -8623,12 +8662,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-298 references: - - '' + - '[DSA-2021-298](https://www.dell.com/support/kbdoc/en-us/000194606/dsa-2021-298-dell-emc-vnxe3200-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228?lang=en)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRealize Data Protection Extension Data Management + product: VPLEX VS2/VS6 / VPLEX Witness cves: cve-2021-4104: investigated: false @@ -8636,10 +8675,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8652,12 +8692,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRealize Data Protection Extension for vRealize Automation (vRA) 8.x + product: vRealize Data Protection Extension Data Management cves: cve-2021-4104: investigated: false @@ -8666,9 +8706,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"version 19.6 version 19.7 version 19.8 and version 19.9"' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -8682,9 +8722,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: See DSA-2021-290. references: - - '' + - '[DSA-2021-290](https://www.dell.com/support/kbdoc/en-us/000194614/dsa-2021-290-dell-emc-vrealize-data-protection-extension-for-vrealize-automation-vra-8-x-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage @@ -8696,9 +8736,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Various - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -8712,9 +8752,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + notes: See DSA-2021-300. references: - - '' + - '[DSA-2021-300](https://www.dell.com/support/kbdoc/en-us/000194610/dsa-2021-300)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: vRO Plugin for Dell EMC PowerMax @@ -8726,9 +8766,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 1.2.3 or earlier - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 'Version 1.2.3 or earlier' unaffected_versions: [] cve-2021-45046: investigated: false @@ -8756,9 +8796,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 1.1.0 or earlier - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 'Version 1.1.0 or earlier' unaffected_versions: [] cve-2021-45046: investigated: false @@ -8787,7 +8827,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Version 1.1.4 or earlier + - 'Version 1.1.4 or earlier' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8817,7 +8857,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Version 1.0.6 or earlier + - 'Version 1.0.6 or earlier' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8847,7 +8887,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Version 4.1.2 or earlier + - 'Version 4.1.2 or earlier' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8879,7 +8919,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8905,7 +8945,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -8921,9 +8961,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '"Patch pending See vce6771 (requires customer login) "' + notes: Patch pending See vce6771 (requires customer login). This advisory is available to customer only and has not been reviewed by CISA. references: - - '' + - '[vce6771](https://support-dellemc-com.secure.force.com/)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Warnado MLK (firmware) @@ -8938,7 +8978,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8965,9 +9005,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <3.5 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '< 3.5' unaffected_versions: [] cve-2021-45046: investigated: false @@ -8983,7 +9023,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-267 references: - - '' + - '[DSA-2021-267](https://www.dell.com/support/kbdoc/en-us/000194459/dsa-2021-267-dell-wyse-management-suite-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Wyse Proprietary OS (ThinOS) @@ -8998,7 +9038,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9028,7 +9068,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] From a2d943dd32af514c2da4330b0086b6cea278cc95 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 15:54:50 -0500 Subject: [PATCH 154/268] Update Digi International products --- data/cisagov_D.yml | 219 +++++++++++++++++++++++++++------------------ 1 file changed, 130 insertions(+), 89 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index a93b7dc..839acdf 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -9116,7 +9116,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Denequa - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -9145,7 +9145,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Device42 - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -9153,10 +9153,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9174,7 +9175,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Devolutions - product: All products + product: All cves: cve-2021-4104: investigated: false @@ -9182,10 +9183,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9203,7 +9205,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Diebold Nixdorf - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -9240,10 +9242,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9269,10 +9272,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9298,10 +9302,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9327,10 +9332,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9356,10 +9362,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9385,10 +9392,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9414,10 +9422,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9443,10 +9452,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9472,10 +9482,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9501,10 +9512,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9530,10 +9542,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9559,10 +9572,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9588,10 +9602,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9617,10 +9632,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9646,10 +9662,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9675,10 +9692,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9704,10 +9722,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9733,10 +9752,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9762,10 +9782,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9791,10 +9812,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9820,10 +9842,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9849,10 +9872,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9878,10 +9902,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9907,10 +9932,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9936,10 +9962,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9965,10 +9992,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9994,10 +10022,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10023,10 +10052,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10052,10 +10082,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10081,10 +10112,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10110,10 +10142,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10139,10 +10172,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10168,10 +10202,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10197,10 +10232,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10226,10 +10262,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10255,10 +10292,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10284,10 +10322,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10313,10 +10352,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10342,10 +10382,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10363,7 +10404,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digicert - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -10392,7 +10433,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Digital AI - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -10450,7 +10491,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: DNSFilter - product: '' + product: All cves: cve-2021-4104: investigated: false From c3029622e24c489f6a02fb46887a47c5b9dd64db Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 16:07:53 -0500 Subject: [PATCH 155/268] Finish D Products, update Dynatrace entries --- data/cisagov_D.yml | 207 +++++++++++++++++++++++++++++++++++++++------ 1 file changed, 183 insertions(+), 24 deletions(-) diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 839acdf..3bfc34b 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -10490,6 +10490,36 @@ software: references: - '' last_updated: '2022-01-05T00:00:00' + - vendor: DirectAdmin + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.directadmin.com/threads/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare.65173/#post-339723 + notes: Invidivual plugins not developed as part of DirectAdmin core may be vulnerable. + references: + - '' + last_updated: '2022-01-05T00:00:00' - vendor: DNSFilter product: All cves: @@ -10520,7 +10550,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Docker - product: '' + product: Infrastructure cves: cve-2021-4104: investigated: false @@ -10528,10 +10558,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10544,12 +10575,12 @@ software: unaffected_versions: [] vendor_links: - https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/ - notes: '' + notes: Docker infrastructure not vulnerable, Docker images could be vulnerable. For more info see source. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Docusign - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -10577,9 +10608,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: DrayTek - product: Vigor Routers, Access Points, Switches, VigorACS Central Management Software, - MyVigor Platform + - vendor: DotCMS + product: Hybrid Content Management System cves: cve-2021-4104: investigated: false @@ -10587,10 +10617,71 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://github.com/dotCMS/core/issues/21393 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Dräger + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://static.draeger.com/security + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: DrayTek + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10607,8 +10698,38 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' + - vendor: Dropwizard + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://twitter.com/dropwizardio/status/1469285337524580359 + notes: Only vulnerable if you manually added Log4j. + references: + - '' + last_updated: '2021-12-15T00:00:00' - vendor: DSpace - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -10645,9 +10766,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -10666,7 +10788,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: Dynatrace Extensions + product: Cloud Services cves: cve-2021-4104: investigated: false @@ -10674,10 +10796,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + notes: Please see Dynatrace Communication for details + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: Extensions + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -10703,9 +10856,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -10732,10 +10886,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10761,10 +10916,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10790,9 +10946,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -10819,9 +10976,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -10848,9 +11006,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false From 0751e09fa7ebaa75821c1d62f2624d921c5cf877 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Thu, 3 Feb 2022 21:14:08 +0000 Subject: [PATCH 156/268] Update the software list --- SOFTWARE-LIST.md | 296 +++-- data/cisagov.yml | 2953 ++++++++++++++++++++++++++++++-------------- data/cisagov_D.yml | 469 +++---- 3 files changed, 2401 insertions(+), 1317 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 93ed32f..c55f6c9 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -664,12 +664,12 @@ NOTE: This file is automatically generated. To submit updates, please refer to | CyberRes | | | | Unknown | [link](https://community.microfocus.com/cyberres/b/sws-22/posts/summary-of-cyberres-impact-from-log4j-or-logshell-logjam-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Daktronics | All Sport Pro | | | Unknown | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | Dakronics Media Player | | | Not Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | -| Daktronics | Dakronics Web Player | DWP-1000 | | Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | DWP-1000: Not present in our codebase, but awaiting confirmation from LG re: webOS platform. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | +| Daktronics | Dakronics Web Player | DWP-1000 | | Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | DWP-1000 is not present in our codebase, but awaiting confirmation from LG re webOS platform. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | Data Vision Software (DVS) | | | Unknown | [link](https://www.daktronics.com/en-us/support/kb/000025337) | DVS has one microservice that uses Log4j, but it uses a version that is not impacted. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | Dynamic Messaging System (DMS) | | | Unknown | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | Dynamic Messaging System - DMS Core Player | | | Not Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | Dynamic Messaging System - DMS Player hardware | | | Not Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | -| Daktronics | Dynamic Messaging System - DMS Web Player | | | Unknown | [link](https://www.daktronics.com/en-us/support/kb/000025337) | DMS Web Player: Not present in our codebase, but awaiting confirmation from LG re: webOS platform. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | +| Daktronics | Dynamic Messaging System - DMS Web Player | | | Unknown | [link](https://www.daktronics.com/en-us/support/kb/000025337) | DMS Web Player not present in our codebase, but awaiting confirmation from LG re webOS platform. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | IBoot - Dataprobe IBoot Devices | | | Not Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | Outdoor Smartlink Devices | | | Not Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | Routers - Cisco Meraki Z3/Z3c Routers | | | Not Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | @@ -681,42 +681,54 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Daktronics | Venus Control Suite (VCS) | | | Unknown | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | Video Image Processors | | | Not Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | | Daktronics | Webcam - Mobotix | | | Not Affected | [link](https://www.daktronics.com/en-us/support/kb/000025337) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | -| DarkTrace | | | | Unknown | [link](https://customerportal.darktrace.com/inside-the-soc/get-article/201) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Dassault Systèmes | | | | Unknown | [link](https://kb.dsxclient.3ds.com/mashup-ui/page/resultqa?id=QA00000102301e) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Databricks | | | | Unknown | [link](https://docs.google.com/document/d/e/2PACX-1vREjwZk17BAHGwj5Phizi4DPFS9EIUbAMX-CswlgbFwqwKXNKZC8MrT-L6wUgfIChsSHtvd_QD3-659/pub) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Datadog | Datadog Agent | | >=6.17.0, <=6.32.2, >=7.17.0, <=7.32.2 | Fixed | [link](https://www.datadoghq.com/log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Dataminer | | | | Unknown | [link](https://community.dataminer.services/responding-to-log4shell-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| DarkTrace | All | | | Unknown | [link](https://customerportal.darktrace.com/inside-the-soc/get-article/201) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Dassault Systèmes | All | | | Unknown | [link](https://kb.dsxclient.3ds.com/mashup-ui/page/resultqa?id=QA00000102301e) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Databricks | All | | | Unknown | [link](https://docs.google.com/document/d/e/2PACX-1vREjwZk17BAHGwj5Phizi4DPFS9EIUbAMX-CswlgbFwqwKXNKZC8MrT-L6wUgfIChsSHtvd_QD3-659/pub) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Datadog | Datadog Agent | | >=6.17.0, <=6.32.2, >=7.17.0, <=7.32.2 | Fixed | [link](https://www.datadoghq.com/log4j-vulnerability/) | JMX monitoring component leverages an impacted version of log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Datadog | datadog-kafka-connect-logs | | < 1.0.2 | Fixed | [link](https://www.datadoghq.com/log4j-vulnerability/) | Version 1.0.2 of the library uses version 2.16.0 of Log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Datadog | datadog-lambda-java | | < 1.0.2 | Fixed | [link](https://www.datadoghq.com/log4j-vulnerability/) | Following AWS recommendation, library updated using the latest version of amazon-lambda-java-log4j2 (1.4.0). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Dataminer | All | | | Unknown | [link](https://community.dataminer.services/responding-to-log4shell-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Datev | | | | Unknown | [link](https://www.datev-community.de/t5/Freie-Themen/Log4-J-Schwachstelle/m-p/258185/highlight/true#M14308) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Datto | | | | Unknown | [link](https://www.datto.com/blog/dattos-response-to-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| dCache.org | | | | Unknown | [link](https://www.dcache.org/post/log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Debian | | | | Unknown | [link](https://security-tracker.debian.org/tracker/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Deepinstinct | | | | Unknown | [link](https://www.deepinstinct.com/blog/log4shell-cve-2021-44228-what-you-need-to-know) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Dell | "Dell EMC PowerMax VMAX VMAX3 and VMAX AFA" | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | "Dell EMC PowerSwitch Z9264F-ON BMC Dell EMC PowerSwitch Z9432F-ON BMC" | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Datto | All | | | Unknown | [link](https://www.datto.com/blog/dattos-response-to-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| DBeaver | All | | | Not Affected | [link](https://www.dcache.org/post/log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| dCache.org | All | | | Unknown | [link](https://www.dcache.org/post/log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Debian | Apache-log4j.1.2 | | | Not Affected | [link](https://security-tracker.debian.org/tracker/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Debian | Apache-log4j2 | | | Unknown | [link](https://security-tracker.debian.org/tracker/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Decos | Cloud | | | Not Affected | [link](https://decos.freshdesk.com/nl/support/solutions/articles/17000121598) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| Decos | EvenementenAssistent + InkomensAssistent + Leerlingenvervoer + AIM online | | | Not Affected | [link](https://decos.freshdesk.com/nl/support/solutions/articles/17000121598) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| Decos | Fixi | | | Not Affected | [link](https://decos.freshdesk.com/nl/support/solutions/articles/17000121598) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| Decos | Integrations (StUF/ZGW/Doclogic-DataIntegrator) | | | Not Affected | [link](https://decos.freshdesk.com/nl/support/solutions/articles/17000121598) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| Decos | JOIN Klant Contact | | | Not Affected | [link](https://decos.freshdesk.com/nl/support/solutions/articles/17000121598) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| Decos | JOIN Zaak &I Document (on-premise) | | All | Fixed | [link](https://decos.freshdesk.com/nl/support/solutions/articles/17000121598) | The solution contains Elasticsearch (vulnerable). Mitigating actions available on our WIKI. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| Decos | JOIN Zaak &I Document (on-premise) | | All | Fixed | [link](https://decos.freshdesk.com/nl/support/solutions/articles/17000121598) | The SaaS hosted solution contains Logstash + Elasticsearch (vulnerable). Mitigating actions taken. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-01 | +| Deepinstinct | All | | | Unknown | [link](https://www.deepinstinct.com/blog/log4shell-cve-2021-44228-what-you-need-to-know) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Dell | Alienware Command Center | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Alienware OC Controls | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Alienware On Screen Display | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Alienware Update | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | APEX Console | | N/A | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Cloud environment patched | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | APEX Data Storage Services | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Cloud environment patch in progress | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | APEX Console | | | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Cloud environment patched. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | APEX Data Storage Services | | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Cloud environment patch in progress. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Atmos | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Azure Stack HCI | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Avamar vproxy | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | CalMAN Powered Calibration Firmware | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | CalMAN Ready for Dell | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Centera | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Chameleon Linux Based Diagnostics | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Chassis Management Controller (CMC) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | China HDD Deluxe | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Cloud IQ | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Cloud environment patched | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Client Platforms (Latitude, OptiPlex, Alienware, Inspiron, Precision, XPS, Vostro, ChengMing) BIOS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Cloud IQ | | | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Cloud environment patched. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Cloud Mobility for Dell EMC Storage | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Cloud Tiering Appliance | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | CloudIQ Collector | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Common Event Enabler | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Connectrix (Cisco MDS 9000 switches) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Connectrix (Cisco MDS DCNM) | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/23/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Connectrix B-Series SANnav | 2.1.1 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 3/31/2022 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Connectrix (Cisco MDS DCNM) | V, e, r, s, i, o, n, s, , p, r, i, o, r, , t, o, , 1, 1, ., 5, (, 1, x, ) | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/23/21. | [DSA-2021-302](https://www.dell.com/support/kbdoc/en-us/000194797/dsa-2021-302-dell-connectrix-mds-dcnm-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Connectrix B-Series SANnav | 2.1.1 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 2/28/2022. | [DSA-2021-266](https://www.dell.com/support/kbdoc/en-us/000194461/dsa-2021-266-dell-emc-connectrix-b-series-sannav-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Connextrix B Series | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | CyberSecIQ Application | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | CyberSense for PowerProtect Cyber Recovery | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Data Domain OS | Versions between 7.3.0.5 and 7.7.0.6;Versions before 7.6.0.30 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-274 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Data Domain OS | Versions from 7.3.0.5 to 7.7.0.6 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-274 | [DSA-2021-274](https://www.dell.com/support/kbdoc/en-us/000194503/dsa-2021-274-dell-emc-data-domain-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell BSAFE Crypto-C Micro Edition | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell BSAFE Crypto-J | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell BSAFE Micro Edition Suite | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | @@ -744,65 +756,67 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Dell | Dell Display Manager 1.5 for Windows / macOS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Display Manager 2.0 for Windows / macOS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC AppSync | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Avamar | "18.2 19.1 19.2 19.3 19.4" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC BSN Controller Node | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-305 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Cloud Disaster Recovery | N/A | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Avamar | 18.2, 19.1, 19.2, 19.3, 19.4 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21. | [DSA-2021-277](https://www.dell.com/support/kbdoc/en-us/000194480/dsa-2021-277-dell-emc-avamar-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC BSN Controller Node | | | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-305 | [DSA-2021-305](https://www.dell.com/support/kbdoc/en-us/000194631/dsa-2021-305-dell-emc-bsn-controller-node-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Cloud Disaster Recovery | Versions from 19.6 and later | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | [DSA-2021-289](https://www.dell.com/support/kbdoc/en-us/000194663/dsa-2021-289-dell-emc-cloud-disaster-recovery-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-and-cve-2021-45046) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Cloudboost | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC CloudLink | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Container Storage Modules | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Data Computing Appliance (DCA) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Data Protection Advisor | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Data Protection Central | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021- 269 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Data Protection Search | Versions before 19.5.0.7 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-279 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Data Protection Advisor | | 18.x (or earlier) -standalone DPA is EOSL, 18.2.x (IDPA), 19.1.x, 19.2.x, 19.3.x, 19.4.x, 19.5.x, 19.6.0 | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | [DSA-2021-309](https://www.dell.com/support/kbdoc/en-us/000194651/dsa-2021-309-dell-emc-dpa-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Data Protection Central | | 18.2.x-19.4.x, 19.5.0-19.5.0.7 | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-269 | [DSA-2021-269](https://www.dell.com/support/kbdoc/en-us/000194557/dsa-2021-269-dell-emc-data-protection-central-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Data Protection Search | Versions before 19.6 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-279 | [DSA-2021-279](https://www.dell.com/support/kbdoc/en-us/000194629/dsa-2021-279-dell-emc-data-protection-search-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC DataIQ | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Disk Library for Mainframe | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC ECS | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/18/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Enterprise Storage Analytics for vRealize Operations | "<6.0.0 6.1.0 6.2.x" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-278 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Enterprise Storage Analytics for vRealize Operations | <6.0.0, 6.1.0, 6.2.x | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-278 | [DSA-2021-278](https://www.dell.com/support/kbdoc/en-us/000194488/dsa-2021-278) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC GeoDrive | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Integrated System for Azure Stack HCI | N/A | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | "Dell EMC Integrated System for Azure Stack HCI is not impacted by this advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect Gateway (SCG) were optionally installed with Dell EMC Integrated System for Azure Stack HCI monitor the following advisories. Apply workaround guidance and remediations as they become [available:](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Integrated System for Microsoft Azure Stack Hub | N/A | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Integrated System for Azure Stack HCI | | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Dell EMC Integrated System for Azure Stack HCI is not impacted by this advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect Gateway (SCG) were optionally installed with Dell EMC Integrated System for Azure Stack HCI monitor the following advisories. See DSA-2021-307. | [DSA-2021-307](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Integrated System for Microsoft Azure Stack Hub | | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 2022-01-31. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Isilon InsightIQ | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC License Manager | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Metro Node | 7.0.x | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-308 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC NetWorker Server | "19.5.x 19.4.x 19.3.x" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC NetWorker Virtual Edition | "19.5.x 19.4.x 19.3.x" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Metro Node | Versions before 7.0.1 P2 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-308 | [DSA-2021-308](https://www.dell.com/support/kbdoc/en-us/000194630/dsa-2021) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC NetWorker | 19.4.x, 19.5.x | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21 | [DSA-2021-280](https://www.dell.com/support/kbdoc/en-us/000194541/dsa-2021-280-dell-emc-networker-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC NetWorker VE | 19.4.x, 19.5.x | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21 | [DSA-2021-280](https://www.dell.com/support/kbdoc/en-us/000194541/dsa-2021-280-dell-emc-networker-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Networking Onie | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Networking Virtual Edge Platform with VersaOS | "with Versa Concerto with Versa Analytics with Versa Concero Director" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-304 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Networking Virtual Edge Platform with VersaOS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC OpenManage Ansible Modules | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC OpenManage Enterprise Services | Version 1.2 and earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21 | [DSA-2021-276](https://www.dell.com/support/kbdoc/en-us/000194652/dsa-2021-276-dell-emc-openmanage-enterprise-services-security-update-for-apache-log4j-remote-code-execution-vulnerabilities-cve-2021-44228-cve-2021-45046) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC OpenManage integration for Splunk | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC OpenManage Integration for VMware vCenter | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC OpenManage Management pack for vRealize Operations | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC OpenManage Operations Connector for Micro Focus Operations Bridge Manager | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC PowerFlex Appliance | "All versions up to Intelligent Catalog 38_356_00_r10.zip All versions up to Intelligent Catalog 38_362_00_r7.zip" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC PowerFlex Rack | N/A | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC PowerFlex Software (SDS) | "3.5 3.5.1 3.5.1.1 3.5.1.2 3.5.1.3 3.5.1.4 3.6 3.6.0.1 3.6.0.2" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC PowerFlex Appliance | | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-293. | [DSA-2021-293](https://www.dell.com/support/kbdoc/en-us/000194579/dsa-2021-293-dell-powerflex-appliance-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC PowerFlex Rack | RCM 3.3 train - all versions up to 3.3.11.0, RCM 3.4 train - all versions up to 3.4.6.0, RCM 3.5 train - all versions up to 3.5.6.0, RCM 3.6 train - all versions up to 3.6.2.0 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-292. | [DSA-2021-292](https://www.dell.com/support/kbdoc/en-us/000194578/dsa-2021-292-dell-powerflex-rack-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC PowerFlex Software (SDS) | 3.5, 3.5.1, 3.5.1.1, 3.5.1.2, 3.5.1.3, 3.5.1.4, 3.6, 3.6.0.1, 3.6.0.2 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-272. | [DSA-2021-272](https://www.dell.com/support/kbdoc/en-us/000194548/dsa-2021-272-dell-powerflex-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC PowerPath | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC PowerPath Management Appliance | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC PowerProtect Cyber Recovery | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC PowerProtect Data Manager | All versions 19.9 and earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC PowerProtect DP Series Appliance (iDPA) | 2.7.0 and earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC PowerProtect Data Manager | All versions 19.9 and earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-286. | [DSA-2021-286](https://www.dell.com/support/kbdoc/en-us/000194549/dsa-2021-286-dell-emc-power-protect-data-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC PowerProtect DP Series Appliance (iDPA) | 2.7.0 and earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA 2021-285. | [DSA-2021-285](https://www.dell.com/support/kbdoc/en-us/000194532/dsa-2021-285-dell-emc-integrated-data-protection-appliance-powerprotect-dp-series-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC PowerScale OneFS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC PowerShell for PowerMax | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC PowerShell for Powerstore | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC PowerShell for Unity | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC PowerStore | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/23/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC PowerVault MD3 Series Storage Arrays | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC PowerStore | Versions before 2.0.1.3-1538564 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-295. | [DSA-2021-295](https://www.dell.com/support/kbdoc/en-us/000194739/dsa-2021-295-dell-emc-powerstore-family-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-and-cve-2021-45046) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC PowerSwitch Z9264F-ON BMC | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC PowerSwitch Z9432F-ON BMC | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC PowerVault ME4 Series Storage Arrays | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC RecoverPoint Classic | All 5.1.x and later versions | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC RecoverPoint for Virtual Machine | All 5.0.x and later versions | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC RecoverPoint | All | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA 2021-284. | [DSA 2021-284](https://www.dell.com/support/kbdoc/en-us/000194531/dsa-2021-284-dell-emc-recoverpoint-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Repository Manager (DRM) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Ruckus SmartZone 100 Controller | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-303 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Ruckus SmartZone 300 Controller | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-303 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Ruckus Virtual Software | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-303 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Ruckus SmartZone 100 Controller | | | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-303 | [DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Ruckus SmartZone 300 Controller | | | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-303 | [DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Ruckus Virtual Software | | | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-303 | [DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC SourceOne | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC SRM vApp | Versions before 4.6.0.2 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 1/25/2022 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Streaming Data Platform | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/18/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC SRM | | Versions before 4.6.0.2 | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-301. | [DSA-2021-301](https://www.dell.com/support/kbdoc/en-us/000194613/dsa-2021-301) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Streaming Data Platform | 1.1, 1.2, 1.2 HF1, 1.3, 1.3.1 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-297. | [DSA-2021-297](https://www.dell.com/support/kbdoc/en-us/000194627/dsa-2021-297-dell-emc-streaming-data-platform-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Systems Update (DSU) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Unisphere 360 | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC Unity | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/29/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC Unity | | | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-294. | [DSA-2021-294](https://www.dell.com/support/kbdoc/en-us/000194826/dsa-2021-294-dell-emc-unity-dell-emc-unityvsa-and-dell-emc-unity-xt-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC Virtual Storage Integrator | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC VPLEX | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell EMC VxRail | "4.5.x 4.7.x 7.0.x" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC vProtect | 19.5-19.9 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2022-007. | [DSA-2022-007](https://www.dell.com/support/kbdoc/en-us/000195003/title-dsa-2022-007-dell-emc-vprotect-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC VxRail | 4.5.x, 4.7.x, 7.0.x | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-265. | [DSA-2021-265](https://www.dell.com/support/kbdoc/en-us/000194466/dsa-2021-265-dell-emc-vxrail-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell EMC XC | | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-311. | [DSA-2021-311](https://www.dell.com/support/kbdoc/en-us/000194822/dsa-2021-311-dell-emc-xc-series-and-core-appliance-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell EMC XtremIO | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Encryption Enterprise* | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Encryption Personal* | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | @@ -811,15 +825,18 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Dell | Dell ImageAssist | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Insights Client | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Linux Assistant | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell Memory Solutions | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Mobile Connect | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Monitor ISP (Windows/Mac/Linux) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Monitor SDK | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Networking X-Series | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell Open Manage Mobile | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell Open Manage Server Administrator | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell Open Management Enterprise - Modular | <1.40.10 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-268 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell OpenManage Change Management | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Dell OpenManage Enterprise Power Manager Plugin | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell OpenManage Enterprise | Versions before 3.8.2 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-275 | [DSA-2021-275](https://www.dell.com/support/kbdoc/en-us/000194638/dsa-2021-275-dell-emc-openmanage-enterprise-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell OpenManage Enterprise CloudIQ plugin | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell OpenManage Enterprise Modular | Versions before 1.40.10 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-268 | [DSA-2021-268](https://www.dell.com/support/kbdoc/en-us/000194625/dsa-2021-268-dell-emc-openmanage-enterprise-modular-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell OpenManage Enterprise Power Manager plugin | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell OpenManage Mobile | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Dell OpenManage Server Administrator | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Optimizer | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell OS Recovery Tool | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Peripheral Manager 1.4 / 1.5 for Windows | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | @@ -840,13 +857,13 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Dell | Dell True Color | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Trusted Device | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dell Update | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | DellEMC OpenManage Enterprise Services | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/20/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Dream Catcher | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | DUP Creation Service | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | DUP Framework (ISG) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | ECS | | 3.3.x, 3.4.x, 3.5.x, 3.6.0.x, 3.6.1.x, 3.6.2.0 | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-273. | [DSA-2021-273](https://www.dell.com/support/kbdoc/en-us/000194612/dsa-2021-273-dell-emc-ecs-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Embedded NAS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Embedded Service Enabler | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Enterprise Hybrid Cloud | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | [link](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Enterprise Hybrid Cloud | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-270. | [DSA-2021-270](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Equallogic PS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Fluid FS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | iDRAC Service Module (iSM) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | @@ -854,9 +871,11 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Dell | Integrated Dell Remote Access Controller (iDRAC) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | ISG Accelerators | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | ISG Board & Electrical | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | ISG Drive & Storage Media | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | IsilonSD Management Server | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | IVE-WinDiag | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Mainframe Enablers | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | MDS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | My Dell | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | MyDell Mobile | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | NetWorker Management Console | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | @@ -864,7 +883,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Dell | Networking DIAG | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Networking N-Series | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Networking OS 10 | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Networking OS9 | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Networking OS 9 | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Networking SD-WAN Edge SD-WAN | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Networking W-Series | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Networking X-Series | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | @@ -872,15 +891,18 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Dell | OMNIA | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | OpenManage Connections - Nagios | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | OpenManage Connections - ServiceNow | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | OpenManage Enterprise | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | OpenManage Integration for Microsoft System Center for System Center Operations Manager | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | OpenManage Integration with Microsoft Windows Admin Center | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | OpenManage Network Integration | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | OpenManage Power Center | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | PowerConnect N3200 | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | PowerConnect PC2800 | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | PowerConnect PC8100 | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | PowerEdge Accelerator Solutions | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | PowerEdge BIOS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | PowerEdge Networking Solutions | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | PowerEdge Operating Systems | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | PowerEdge RAID Controller Solutions | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | PowerTools Agent | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | PPDM Kubernetes cProxy | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | PPDM VMware vProxy | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | @@ -890,8 +912,9 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Dell | Rugged Control Center (RCC) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | SD ROM Utility | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | SDNAS | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Secure Connect Gateway (SCG) Appliance | "5.00.00 5.00.05 and 4.0.06 and earlier versions (OVF and VHD)" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-282 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Secure Connect Gateway (SCG) Policy Manager | "5.00.00.10 5.00.05.10" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-281 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Secure Connect Gateway (SCG) Appliance | "5.00.00 5.00.05 and 4.0.06 and earlier versions (OVF and VHD)" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-282 | [] | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Secure Connect Gateway (SCG) Appliance | | 5.00.00, 5.00.05, and 4.0.06 and earlier versions (OVF and VHD) | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-282 | [DSA-2021-282](https://www.dell.com/support/kbdoc/en-us/000194624/dsa-2021-282-dell-emc-secure-connect-gateway-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Secure Connect Gateway (SCG) Policy Manager | | 5.00.00.10, 5.00.05.10 | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-281 | [DSA-2021-281](https://www.dell.com/support/kbdoc/en-us/000194539/dsa-2021-281-dell-emc-policy-manager-for-secure-connect-gateway-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Server Storage | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Smart Fabric Storage Software | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | SmartByte | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | @@ -900,103 +923,108 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Dell | Solutions Enabler | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Solutions Enabler vApp | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Sonic | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | SRS Policy Manager | 7 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | SRS Policy Manager | | 7.0 | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-287. | [DSA-2021-287](https://www.dell.com/support/kbdoc/en-us/000194544/dsa-2021-287-dell-emc-srs-policy-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | SRS VE | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Storage Center - Dell Storage Manager | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Storage Center - Dell Storage Manager | 16.x, 17.x, 18.x, 19.x, 20.1.1 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-310. | [DSA-2021-310](https://www.dell.com/support/kbdoc/en-us/000194790/dsa-2021-310-storage-center-dell-storage-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Storage Center OS and additional SC applications unless otherwise noted | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | SupportAssist Client Commercial | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | SupportAssist Client Consumer | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | SupportAssist Enterprise | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/23/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | SupportAssist Enterprise | 2.0.70 and earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-283. | [DSA-2021-283](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | UCC Edge | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Unisphere Central | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 1/10/2022 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Unisphere Central | | Versions before 4.0 SP 9.2 (4.0.9.1541235) | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-296. | [DSA-2021-296](https://www.dell.com/support/kbdoc/en-us/000194874/dsa-2021-296-dell-emc-unisphere-central-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Unisphere for PowerMax | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Unisphere for PowerMax vApp | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Unisphere for VMAX | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Unisphere for VNX | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Update Manager Plugin | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Vblock | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending See vce6771 (requires customer login) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Vblock | | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending See vce6771 (requires customer login). This advisory is available to customer only and has not been reviewed by CISA. | [vce6771](https://support-dellemc-com.secure.force.com/) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | ViPR Controller | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | VMware vRealize Automation 8.x | "8.2 8.3 8.4 8.5 and 8.6" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | VMware vRealize Orchestrator 8.x | "8.2 8.3 8.4 8.5 and 8.6" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | VMware vRealize Automation 8.x | 8.2 8.3 8.4 8.5 and 8.6 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | VMware vRealize Orchestrator 8.x | 8.2 8.3 8.4 8.5 and 8.6 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | VNX Control Station | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | VNX1 | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | VNX2 | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | VNXe 1600 | Versions 3.1.16.10220572 and earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | VNXe 3200 | Version 3.1.15.10216415 and earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | VNXe 1600 | | Versions 3.1.16.10220572 and earlier | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-299 | [DSA-2021-299](https://www.dell.com/support/kbdoc/en-us/000194605/dsa-2021-299-dell-emc-vnxe1600-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228?lang=en) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | VNXe 3200 | | Version 3.1.15.10216415 and earlier | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-298 | [DSA-2021-298](https://www.dell.com/support/kbdoc/en-us/000194606/dsa-2021-298-dell-emc-vnxe3200-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228?lang=en) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | VPLEX VS2/VS6 / VPLEX Witness | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | vRealize Data Protection Extension Data Management | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | vRealize Data Protection Extension for vRealize Automation (vRA) 8.x | "version 19.6 version 19.7 version 19.8 and version 19.9" | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch expected by 12/19/21 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage | Various | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | vRO Plugin for Dell EMC PowerMax | Version 1.2.3 or earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | vRO Plugin for Dell EMC PowerScale | Version 1.1.0 or earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | vRealize Data Protection Extension Data Management | | | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-290. | [DSA-2021-290](https://www.dell.com/support/kbdoc/en-us/000194614/dsa-2021-290-dell-emc-vrealize-data-protection-extension-for-vrealize-automation-vra-8-x-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage | | | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300. | [DSA-2021-300](https://www.dell.com/support/kbdoc/en-us/000194610/dsa-2021-300) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | vRO Plugin for Dell EMC PowerMax | | Version 1.2.3 or earlier | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | vRO Plugin for Dell EMC PowerScale | | Version 1.1.0 or earlier | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | vRO Plugin for Dell EMC PowerStore | Version 1.1.4 or earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | vRO Plugin for Dell EMC Unity | Version 1.0.6 or earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | vRO Plugin for Dell EMC XtremIO | Version 4.1.2 or earlier | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-300 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Vsan Ready Nodes | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | VxBlock | | | Unknown | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | "Patch pending See vce6771 (requires customer login) " | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | VxBlock | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | Patch pending See vce6771 (requires customer login). This advisory is available to customer only and has not been reviewed by CISA. | [vce6771](https://support-dellemc-com.secure.force.com/) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Warnado MLK (firmware) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Dell | Wyse Management Suite | <3.5 | | Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-267 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dell | Wyse Management Suite | | < 3.5 | Fixed | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | See DSA-2021-267 | [DSA-2021-267](https://www.dell.com/support/kbdoc/en-us/000194459/dsa-2021-267-dell-wyse-management-suite-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Wyse Proprietary OS (ThinOS) | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Dell | Wyse Windows Embedded Suite | | | Not Affected | [link](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Deltares | Delft-FEWS | | >2018.02 | Fixed | [link](https://publicwiki.deltares.nl/display/FEWSDOC/Delft-FEWS+and+Log4J+vulnerability) | Mitigations Only | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Denequa | | | | Unknown | [link](https://denequa.de/log4j-information.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Device42 | | | | Unknown | [link](https://blog.device42.com/2021/12/13/log4j-zero-day/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Devolutions | All products | | | Unknown | [link](https://blog.devolutions.net/2021/12/critical-vulnerability-in-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Diebold Nixdorf | | | | Unknown | [link](https://www.dieboldnixdorf.com/en-us/apache) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Digi International | AnywhereUSB Manager | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | ARMT | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Aview | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | AVWOB | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | CTEK G6200 family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | CTEK SkyCloud | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | CTEK Z45 family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi 54xx family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi 63xx family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi AnywhereUSB (G2) family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi AnywhereUSB Plus family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Connect EZ family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Connect family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Connect IT family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Connect Sensor family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Connect WS family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi ConnectPort family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi ConnectPort LTS family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Embedded Android | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Embedded Yocto | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi EX routers | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi IX routers | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi LR54 | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Navigator | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi One family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Passport family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi PortServer TS family | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Remote Manager | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi TX routers | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi WR11 | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi WR21 | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi WR31 | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi WR44R/RR | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi WR54 | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi WR64 | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Digi Xbee mobile app | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Lighthouse | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Realport | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digi International | Remote Hub Config Utility | | | Unknown | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Digicert | | | | Unknown | [link](https://knowledge.digicert.com/alerts/digicert-log4j-response.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Digital AI | | | | Unknown | [link](https://support.digital.ai/hc/en-us/articles/4412377686674-Log4J-Vulnerability-to-Zero-Day-Exploit-and-Digital-ai#overview-0-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Denequa | All | | | Unknown | [link](https://denequa.de/log4j-information.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Device42 | All | | | Not Affected | [link](https://blog.device42.com/2021/12/13/log4j-zero-day/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Devolutions | All | | | Not Affected | [link](https://blog.devolutions.net/2021/12/critical-vulnerability-in-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Diebold Nixdorf | All | | | Unknown | [link](https://www.dieboldnixdorf.com/en-us/apache) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Digi International | AnywhereUSB Manager | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | ARMT | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Aview | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | AVWOB | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | CTEK G6200 family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | CTEK SkyCloud | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | CTEK Z45 family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi 54xx family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi 63xx family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi AnywhereUSB (G2) family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi AnywhereUSB Plus family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Connect EZ family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Connect family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Connect IT family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Connect Sensor family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Connect WS family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi ConnectPort family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi ConnectPort LTS family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Embedded Android | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Embedded Yocto | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi EX routers | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi IX routers | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi LR54 | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Navigator | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi One family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Passport family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi PortServer TS family | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Remote Manager | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi TX routers | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi WR11 | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi WR21 | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi WR31 | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi WR44R/RR | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi WR54 | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi WR64 | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Digi Xbee mobile app | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Lighthouse | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Realport | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digi International | Remote Hub Config Utility | | | Not Affected | [link](https://www.digi.com/resources/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Digicert | All | | | Unknown | [link](https://knowledge.digicert.com/alerts/digicert-log4j-response.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Digital AI | All | | | Unknown | [link](https://support.digital.ai/hc/en-us/articles/4412377686674-Log4J-Vulnerability-to-Zero-Day-Exploit-and-Digital-ai#overview-0-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Digital Alert Systems | All | | | Unknown | [link](https://www.digitalalertsystems.com/default-2.htm) | Formerly Monroe Electronics, Inc. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | -| DNSFilter | | | | Unknown | [link](https://www.dnsfilter.com/blog/dnsfilter-response-to-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Docker | | | | Unknown | [link](https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Docusign | | | | Unknown | [link](https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| DrayTek | Vigor Routers, Access Points, Switches, VigorACS Central Management Software, MyVigor Platform | | | Unknown | [link](https://www.draytek.com/about/security-advisory/log4shell-vulnerability-(cve-2021-44228)/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| DSpace | | | | Unknown | [link](https://groups.google.com/g/dspace-community/c/Fa4VdjiiNyE) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Dynatrace | ActiveGate | | | Unknown | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Dynatrace | Dynatrace Extensions | | | Unknown | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | Please see Dynatrace Communication for details | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Dynatrace | FedRamp SAAS | | | Unknown | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Dynatrace | Managed cluster nodes | | | Unknown | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | Please see Dynatrace Communication for details | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Dynatrace | OneAgent | | | Unknown | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Dynatrace | SAAS | | | Unknown | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Dynatrace | Synthetic Private ActiveGate | | | Unknown | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | Please see Dynatrace Communication for details | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Dynatrace | Synthetic public locations | | | Unknown | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| DirectAdmin | All | | | Not Affected | [link](https://forum.directadmin.com/threads/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare.65173/#post-339723) | Invidivual plugins not developed as part of DirectAdmin core may be vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | +| DNSFilter | All | | | Unknown | [link](https://www.dnsfilter.com/blog/dnsfilter-response-to-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Docker | Infrastructure | | | Not Affected | [link](https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/) | Docker infrastructure not vulnerable, Docker images could be vulnerable. For more info see source. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Docusign | All | | | Unknown | [link](https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| DotCMS | Hybrid Content Management System | | | Fixed | [link](https://github.com/dotCMS/core/issues/21393) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| DrayTek | All | | | Not Affected | [link](https://www.draytek.com/about/security-advisory/log4shell-vulnerability-(cve-2021-44228)/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dropwizard | All | | | Not Affected | [link](https://twitter.com/dropwizardio/status/1469285337524580359) | Only vulnerable if you manually added Log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Dräger | All | | | Not Affected | [link](https://static.draeger.com/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| DSpace | All | | | Unknown | [link](https://groups.google.com/g/dspace-community/c/Fa4VdjiiNyE) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Dynatrace | ActiveGate | | | Fixed | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Dynatrace | Cloud Services | | | Fixed | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | Please see Dynatrace Communication for details | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Dynatrace | Extensions | | | Fixed | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | Please see Dynatrace Communication for details | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Dynatrace | FedRamp SAAS | | | Fixed | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Dynatrace | Managed cluster nodes | | | Not Affected | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | Please see Dynatrace Communication for details | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Dynatrace | OneAgent | | | Not Affected | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Dynatrace | SAAS | | | Fixed | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Dynatrace | Synthetic Private ActiveGate | | | Fixed | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | Please see Dynatrace Communication for details | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Dynatrace | Synthetic public locations | | | Fixed | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | EasyRedmine | | | | Unknown | [link](https://www.easyredmine.com/news/easy-redmine-application-is-not-affected-by-the-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Eaton | Undisclosed | Undisclosed | | Affected | [link](https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Security-Bulletin%20log4j_CVE_2021_44228_v1.0_Legal-Approved.pdf) | Doesn't openly disclose what products are affected or not for quote 'security purposes'. Needs email registration. No workaround provided due to registration wall. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | EclecticIQ | | | | Unknown | [link](https://docs.eclecticiq.com/security-advisories/security-issues-and-mitigation-actions/eiq-2021-0016-2) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index e2d8bd9..e3488a3 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -19067,8 +19067,8 @@ software: unaffected_versions: [] vendor_links: - https://www.daktronics.com/en-us/support/kb/000025337 - notes: 'DWP-1000: Not present in our codebase, but awaiting confirmation from - LG re: webOS platform.' + notes: DWP-1000 is not present in our codebase, but awaiting confirmation from + LG re webOS platform. references: - '' last_updated: '2022-01-06T00:00:00' @@ -19222,8 +19222,8 @@ software: unaffected_versions: [] vendor_links: - https://www.daktronics.com/en-us/support/kb/000025337 - notes: 'DMS Web Player: Not present in our codebase, but awaiting confirmation - from LG re: webOS platform.' + notes: DMS Web Player not present in our codebase, but awaiting confirmation from + LG re webOS platform. references: - '' last_updated: '2022-01-06T00:00:00' @@ -19566,7 +19566,7 @@ software: - '' last_updated: '2022-01-06T00:00:00' - vendor: DarkTrace - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -19590,12 +19590,13 @@ software: unaffected_versions: [] vendor_links: - https://customerportal.darktrace.com/inside-the-soc/get-article/201 - notes: '' + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dassault Systèmes - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -19619,12 +19620,13 @@ software: unaffected_versions: [] vendor_links: - https://kb.dsxclient.3ds.com/mashup-ui/page/resultqa?id=QA00000102301e - notes: '' + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Databricks - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -19656,10 +19658,11 @@ software: product: Datadog Agent cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] @@ -19681,12 +19684,75 @@ software: unaffected_versions: [] vendor_links: - https://www.datadoghq.com/log4j-vulnerability/ - notes: '' + notes: JMX monitoring component leverages an impacted version of log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Datadog + product: datadog-kafka-connect-logs + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 1.0.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.datadoghq.com/log4j-vulnerability/ + notes: Version 1.0.2 of the library uses version 2.16.0 of Log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Datadog + product: datadog-lambda-java + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 1.0.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.datadoghq.com/log4j-vulnerability/ + notes: Following AWS recommendation, library updated using the latest version + of amazon-lambda-java-log4j2 (1.4.0). references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Dataminer - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -19744,7 +19810,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Datto - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -19772,8 +19838,41 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: DBeaver + product: All + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dcache.org/post/log4j-vulnerability/ + notes: '' + references: + - '' + last_updated: '2021-12-15T07:18:50+00:00' - vendor: dCache.org - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -19802,18 +19901,20 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Debian - product: '' + product: Apache-log4j.1.2 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - stretch, buster, bullseye cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - stretch, buster, bullseye cve-2021-45046: investigated: false affected_versions: [] @@ -19830,19 +19931,21 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Deepinstinct - product: '' + - vendor: Debian + product: Apache-log4j2 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - stretch, buster, bullseye cve-2021-44228: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - stretch, buster, bullseye cve-2021-45046: investigated: false affected_versions: [] @@ -19854,175 +19957,191 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.deepinstinct.com/blog/log4shell-cve-2021-44228-what-you-need-to-know + - https://security-tracker.debian.org/tracker/CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Dell - product: '"Dell EMC PowerMax VMAX VMAX3 and VMAX AFA"' + - vendor: Decos + product: Cloud cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: '"Dell EMC PowerSwitch Z9264F-ON BMC Dell EMC PowerSwitch Z9432F-ON BMC"' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: EvenementenAssistent + InkomensAssistent + Leerlingenvervoer + AIM online cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Alienware Command Center + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: Fixi cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Alienware OC Controls + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: Integrations (StUF/ZGW/Doclogic-DataIntegrator) cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Alienware On Screen Display + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: JOIN Klant Contact cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - All cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Alienware Update + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: JOIN Zaak &I Document (on-premise) cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -20032,7 +20151,628 @@ software: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: [] + vendor_links: + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: The solution contains Elasticsearch (vulnerable). Mitigating actions available + on our WIKI. + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Decos + product: JOIN Zaak &I Document (on-premise) + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 + notes: The SaaS hosted solution contains Logstash + Elasticsearch (vulnerable). + Mitigating actions taken. + references: + - '' + last_updated: '2022-02-01T07:18:50+00:00' + - vendor: Deepinstinct + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.deepinstinct.com/blog/log4shell-cve-2021-44228-what-you-need-to-know + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Dell + product: Alienware Command Center + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Alienware OC Controls + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Alienware On Screen Display + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Alienware Update + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: APEX Console + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Cloud environment patched. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: APEX Data Storage Services + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Cloud environment patch in progress. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Atmos + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Avamar vproxy + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: CalMAN Powered Calibration Firmware + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: CalMAN Ready for Dell + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Centera + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Chameleon Linux Based Diagnostics + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Chassis Management Controller (CMC) + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: China HDD Deluxe + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Client Platforms (Latitude, OptiPlex, Alienware, Inspiron, Precision, + XPS, Vostro, ChengMing) BIOS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Cloud IQ + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: Cloud environment patched. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Cloud Mobility for Dell EMC Storage + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -20040,88 +20780,98 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: APEX Console + product: Cloud Tiering Appliance cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - N/A - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patched + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: APEX Data Storage Services + product: CloudIQ Collector cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patch in progress + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Atmos + product: Common Event Enabler cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -20129,29 +20879,32 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Azure Stack HCI + product: Connectrix (Cisco MDS 9000 switches) cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' @@ -20159,70 +20912,71 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: CalMAN Powered Calibration Firmware + product: Connectrix (Cisco MDS DCNM) cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: Versions prior to 11.5(1x) fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/23/21. references: - - '' + - '[DSA-2021-302](https://www.dell.com/support/kbdoc/en-us/000194797/dsa-2021-302-dell-connectrix-mds-dcnm-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: CalMAN Ready for Dell + product: Connectrix B-Series SANnav cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 2.1.1 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 2/28/2022. references: - - '' + - '[DSA-2021-266](https://www.dell.com/support/kbdoc/en-us/000194461/dsa-2021-266-dell-emc-connectrix-b-series-sannav-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Centera + product: Connextrix B Series cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -20231,14 +20985,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -20249,7 +21003,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Chameleon Linux Based Diagnostics + product: CyberSecIQ Application cves: cve-2021-4104: investigated: false @@ -20261,7 +21015,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -20279,7 +21033,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Chassis Management Controller (CMC) + product: CyberSense for PowerProtect Cyber Recovery cves: cve-2021-4104: investigated: false @@ -20291,7 +21045,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -20309,7 +21063,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: China HDD Deluxe + product: Data Domain OS cves: cve-2021-4104: investigated: false @@ -20318,10 +21072,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions from 7.3.0.5 to 7.7.0.6 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -20334,12 +21088,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-274 references: - - '' + - '[DSA-2021-274](https://www.dell.com/support/kbdoc/en-us/000194503/dsa-2021-274-dell-emc-data-domain-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Cloud IQ + product: Dell BSAFE Crypto-C Micro Edition cves: cve-2021-4104: investigated: false @@ -20347,10 +21101,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -20363,12 +21118,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Cloud environment patched + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Cloud Mobility for Dell EMC Storage + product: Dell BSAFE Crypto-J cves: cve-2021-4104: investigated: false @@ -20380,7 +21135,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -20398,7 +21153,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Cloud Tiering Appliance + product: Dell BSAFE Micro Edition Suite cves: cve-2021-4104: investigated: false @@ -20410,7 +21165,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -20428,7 +21183,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Connectrix (Cisco MDS 9000 switches) + product: Dell Calibration Assistant cves: cve-2021-4104: investigated: false @@ -20440,7 +21195,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -20458,7 +21213,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Connectrix (Cisco MDS DCNM) + product: Dell Cinema Color cves: cve-2021-4104: investigated: false @@ -20466,10 +21221,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -20482,12 +21238,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Connectrix B-Series SANnav + product: Dell Cloud Command Repository Manager cves: cve-2021-4104: investigated: false @@ -20496,10 +21252,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.1.1 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -20512,12 +21268,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 3/31/2022 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Connextrix B Series + product: Dell Cloud Management Agent cves: cve-2021-4104: investigated: false @@ -20529,7 +21285,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -20547,7 +21303,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: CyberSecIQ Application + product: Dell Color Management cves: cve-2021-4104: investigated: false @@ -20559,7 +21315,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -20577,7 +21333,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: CyberSense for PowerProtect Cyber Recovery + product: Dell Command Configure cves: cve-2021-4104: investigated: false @@ -20589,7 +21345,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -20607,7 +21363,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Data Domain OS + product: Dell Command Integration Suite for System Center cves: cve-2021-4104: investigated: false @@ -20616,10 +21372,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions between 7.3.0.5 and 7.7.0.6;Versions before 7.6.0.30 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -20632,12 +21388,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-274 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell BSAFE Crypto-C Micro Edition + product: Dell Command Intel vPro Out of Band cves: cve-2021-4104: investigated: false @@ -20649,7 +21405,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -20667,7 +21423,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell BSAFE Crypto-J + product: Dell Command Monitor cves: cve-2021-4104: investigated: false @@ -20679,7 +21435,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -20697,7 +21453,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell BSAFE Micro Edition Suite + product: Dell Command Power Manager cves: cve-2021-4104: investigated: false @@ -20709,7 +21465,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -20727,7 +21483,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Calibration Assistant + product: Dell Command PowerShell Provider cves: cve-2021-4104: investigated: false @@ -20739,7 +21495,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -20757,7 +21513,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Cinema Color + product: Dell Command Update cves: cve-2021-4104: investigated: false @@ -20769,7 +21525,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -20787,7 +21543,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Cloud Command Repository Manager + product: Dell Customer Connect cves: cve-2021-4104: investigated: false @@ -20799,7 +21555,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -20817,7 +21573,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Cloud Management Agent + product: Dell Data Guardian* cves: cve-2021-4104: investigated: false @@ -20829,7 +21585,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -20847,7 +21603,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Color Management + product: Dell Data Protection* cves: cve-2021-4104: investigated: false @@ -20859,7 +21615,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -20877,7 +21633,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Configure + product: Dell Data Recovery Environment cves: cve-2021-4104: investigated: false @@ -20889,7 +21645,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -20907,7 +21663,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Integration Suite for System Center + product: Dell Data Vault cves: cve-2021-4104: investigated: false @@ -20919,7 +21675,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -20937,7 +21693,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Intel vPro Out of Band + product: Dell Data Vault for Chrome OS cves: cve-2021-4104: investigated: false @@ -20949,7 +21705,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -20967,7 +21723,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Monitor + product: Dell Deployment Agent cves: cve-2021-4104: investigated: false @@ -20979,7 +21735,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -20997,7 +21753,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Power Manager + product: Dell Digital Delivery cves: cve-2021-4104: investigated: false @@ -21009,7 +21765,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21027,7 +21783,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command PowerShell Provider + product: Dell Direct USB Key cves: cve-2021-4104: investigated: false @@ -21039,7 +21795,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21057,7 +21813,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Command Update + product: Dell Display Manager 1.5 for Windows / macOS cves: cve-2021-4104: investigated: false @@ -21069,7 +21825,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21087,7 +21843,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Customer Connect + product: Dell Display Manager 2.0 for Windows / macOS cves: cve-2021-4104: investigated: false @@ -21099,7 +21855,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21117,7 +21873,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Guardian* + product: Dell EMC AppSync cves: cve-2021-4104: investigated: false @@ -21129,7 +21885,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21147,7 +21903,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Protection* + product: Dell EMC Avamar cves: cve-2021-4104: investigated: false @@ -21156,10 +21912,14 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '18.2' + - '19.1' + - '19.2' + - '19.3' + - '19.4' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21172,12 +21932,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21. references: - - '' + - '[DSA-2021-277](https://www.dell.com/support/kbdoc/en-us/000194480/dsa-2021-277-dell-emc-avamar-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Recovery Environment + product: Dell EMC BSN Controller Node cves: cve-2021-4104: investigated: false @@ -21187,9 +21947,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21202,12 +21962,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-305 references: - - '' + - '[DSA-2021-305](https://www.dell.com/support/kbdoc/en-us/000194631/dsa-2021-305-dell-emc-bsn-controller-node-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Vault + product: Dell EMC Cloud Disaster Recovery cves: cve-2021-4104: investigated: false @@ -21216,10 +21976,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions from 19.6 and later fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21232,12 +21992,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch pending references: - - '' + - '[DSA-2021-289](https://www.dell.com/support/kbdoc/en-us/000194663/dsa-2021-289-dell-emc-cloud-disaster-recovery-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-and-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Data Vault for Chrome OS + product: Dell EMC Cloudboost cves: cve-2021-4104: investigated: false @@ -21249,7 +22009,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21267,7 +22027,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Deployment Agent + product: Dell EMC CloudLink cves: cve-2021-4104: investigated: false @@ -21279,7 +22039,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21297,7 +22057,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Digital Delivery + product: Dell EMC Container Storage Modules cves: cve-2021-4104: investigated: false @@ -21309,7 +22069,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21327,7 +22087,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Direct USB Key + product: Dell EMC Data Computing Appliance (DCA) cves: cve-2021-4104: investigated: false @@ -21339,7 +22099,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21357,7 +22117,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Display Manager 1.5 for Windows / macOS + product: Dell EMC Data Protection Advisor cves: cve-2021-4104: investigated: false @@ -21367,9 +22127,16 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - 18.x (or earlier) -standalone DPA is EOSL + - 18.2.x (IDPA) + - 19.1.x + - 19.2.x + - 19.3.x + - 19.4.x + - 19.5.x + - 19.6.0 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21384,10 +22151,10 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: '' references: - - '' + - '[DSA-2021-309](https://www.dell.com/support/kbdoc/en-us/000194651/dsa-2021-309-dell-emc-dpa-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Display Manager 2.0 for Windows / macOS + product: Dell EMC Data Protection Central cves: cve-2021-4104: investigated: false @@ -21397,9 +22164,10 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - 18.2.x-19.4.x + - 19.5.0-19.5.0.7 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21412,12 +22180,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-269 references: - - '' + - '[DSA-2021-269](https://www.dell.com/support/kbdoc/en-us/000194557/dsa-2021-269-dell-emc-data-protection-central-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC AppSync + product: Dell EMC Data Protection Search cves: cve-2021-4104: investigated: false @@ -21426,10 +22194,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions before 19.6 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21442,12 +22210,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-279 references: - - '' + - '[DSA-2021-279](https://www.dell.com/support/kbdoc/en-us/000194629/dsa-2021-279-dell-emc-data-protection-search-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Avamar + product: Dell EMC DataIQ cves: cve-2021-4104: investigated: false @@ -21456,10 +22224,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"18.2 19.1 19.2 19.3 19.4"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21472,12 +22240,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC BSN Controller Node + product: Dell EMC Disk Library for Mainframe cves: cve-2021-4104: investigated: false @@ -21485,10 +22253,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21501,12 +22270,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-305 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Cloud Disaster Recovery + product: Dell EMC Enterprise Storage Analytics for vRealize Operations cves: cve-2021-4104: investigated: false @@ -21516,7 +22285,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - N/A + - <6.0.0 + - 6.1.0 + - 6.2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -21531,12 +22302,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-278 references: - - '' + - '[DSA-2021-278](https://www.dell.com/support/kbdoc/en-us/000194488/dsa-2021-278)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Cloudboost + product: Dell EMC GeoDrive cves: cve-2021-4104: investigated: false @@ -21548,7 +22319,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21566,7 +22337,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC CloudLink + product: Dell EMC Integrated System for Azure Stack HCI cves: cve-2021-4104: investigated: false @@ -21575,10 +22346,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21591,12 +22362,15 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Dell EMC Integrated System for Azure Stack HCI is not impacted by this + advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect + Gateway (SCG) were optionally installed with Dell EMC Integrated System for + Azure Stack HCI monitor the following advisories. See DSA-2021-307. references: - - '' + - '[DSA-2021-307](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Container Storage Modules + product: Dell EMC Integrated System for Microsoft Azure Stack Hub cves: cve-2021-4104: investigated: false @@ -21605,10 +22379,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21621,12 +22395,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 2022-01-31. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Data Computing Appliance (DCA) + product: Dell EMC Isilon InsightIQ cves: cve-2021-4104: investigated: false @@ -21638,7 +22412,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21656,7 +22430,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Data Protection Advisor + product: Dell EMC License Manager cves: cve-2021-4104: investigated: false @@ -21668,7 +22442,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21686,7 +22460,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Data Protection Central + product: Dell EMC Metro Node cves: cve-2021-4104: investigated: false @@ -21694,8 +22468,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Versions before 7.0.1 P2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -21710,12 +22485,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021- 269 + notes: See DSA-2021-308 references: - - '' + - '[DSA-2021-308](https://www.dell.com/support/kbdoc/en-us/000194630/dsa-2021)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Data Protection Search + product: Dell EMC NetWorker cves: cve-2021-4104: investigated: false @@ -21725,7 +22500,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - Versions before 19.5.0.7 + - 19.4.x + - 19.5.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -21740,12 +22516,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-279 + notes: Patch expected by 12/20/21 references: - - '' + - '[DSA-2021-280](https://www.dell.com/support/kbdoc/en-us/000194541/dsa-2021-280-dell-emc-networker-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC DataIQ + product: Dell EMC NetWorker VE cves: cve-2021-4104: investigated: false @@ -21754,10 +22530,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 19.4.x + - 19.5.x fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21770,12 +22547,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21 references: - - '' + - '[DSA-2021-280](https://www.dell.com/support/kbdoc/en-us/000194541/dsa-2021-280-dell-emc-networker-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Disk Library for Mainframe + product: Dell EMC Networking Onie cves: cve-2021-4104: investigated: false @@ -21787,7 +22564,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21805,7 +22582,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC ECS + product: Dell EMC Networking Virtual Edge Platform with VersaOS cves: cve-2021-4104: investigated: false @@ -21813,10 +22590,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21829,12 +22607,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/18/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Enterprise Storage Analytics for vRealize Operations + product: Dell EMC OpenManage Ansible Modules cves: cve-2021-4104: investigated: false @@ -21843,10 +22621,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"<6.0.0 6.1.0 6.2.x"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21859,12 +22637,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-278 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC GeoDrive + product: Dell EMC OpenManage Enterprise Services cves: cve-2021-4104: investigated: false @@ -21873,10 +22651,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Version 1.2 and earlier fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -21889,12 +22667,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: Patch expected by 12/20/21 references: - - '' + - '[DSA-2021-276](https://www.dell.com/support/kbdoc/en-us/000194652/dsa-2021-276-dell-emc-openmanage-enterprise-services-security-update-for-apache-log4j-remote-code-execution-vulnerabilities-cve-2021-44228-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Integrated System for Azure Stack HCI + product: Dell EMC OpenManage integration for Splunk cves: cve-2021-4104: investigated: false @@ -21903,10 +22681,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - N/A + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21919,16 +22697,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '"Dell EMC Integrated System for Azure Stack HCI is not impacted by this - advisory. If Dell EMC SupportAssist Enterprise (SAE) or Dell EMC Secure Connect - Gateway (SCG) were optionally installed with Dell EMC Integrated System for - Azure Stack HCI monitor the following advisories. Apply workaround guidance - and remediations as they become [available:](https://www.dell.com/support/kbdoc/en-us/000194622/dsa-2021-307-dell-emc-integrated-system-for-azure-stack-hci-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Integrated System for Microsoft Azure Stack Hub + product: Dell EMC OpenManage Integration for VMware vCenter cves: cve-2021-4104: investigated: false @@ -21937,10 +22711,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - N/A + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21953,12 +22727,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Isilon InsightIQ + product: Dell EMC OpenManage Management pack for vRealize Operations cves: cve-2021-4104: investigated: false @@ -21970,7 +22744,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -21988,7 +22762,8 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC License Manager + product: Dell EMC OpenManage Operations Connector for Micro Focus Operations Bridge + Manager cves: cve-2021-4104: investigated: false @@ -22000,7 +22775,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22018,7 +22793,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Metro Node + product: Dell EMC PowerFlex Appliance cves: cve-2021-4104: investigated: false @@ -22028,7 +22803,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 7.0.x + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -22043,12 +22818,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-308 + notes: See DSA-2021-293. references: - - '' + - '[DSA-2021-293](https://www.dell.com/support/kbdoc/en-us/000194579/dsa-2021-293-dell-powerflex-appliance-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC NetWorker Server + product: Dell EMC PowerFlex Rack cves: cve-2021-4104: investigated: false @@ -22058,7 +22833,10 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"19.5.x 19.4.x 19.3.x"' + - RCM 3.3 train - all versions up to 3.3.11.0 + - RCM 3.4 train - all versions up to 3.4.6.0 + - RCM 3.5 train - all versions up to 3.5.6.0 + - RCM 3.6 train - all versions up to 3.6.2.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -22073,12 +22851,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: See DSA-2021-292. references: - - '' + - '[DSA-2021-292](https://www.dell.com/support/kbdoc/en-us/000194578/dsa-2021-292-dell-powerflex-rack-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC NetWorker Virtual Edition + product: Dell EMC PowerFlex Software (SDS) cves: cve-2021-4104: investigated: false @@ -22088,7 +22866,15 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"19.5.x 19.4.x 19.3.x"' + - '3.5' + - 3.5.1 + - 3.5.1.1 + - 3.5.1.2 + - 3.5.1.3 + - 3.5.1.4 + - '3.6' + - 3.6.0.1 + - 3.6.0.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -22103,12 +22889,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: See DSA-2021-272. references: - - '' + - '[DSA-2021-272](https://www.dell.com/support/kbdoc/en-us/000194548/dsa-2021-272-dell-powerflex-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Networking Onie + product: Dell EMC PowerPath cves: cve-2021-4104: investigated: false @@ -22120,7 +22906,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22138,7 +22924,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Networking Virtual Edge Platform with VersaOS + product: Dell EMC PowerPath Management Appliance cves: cve-2021-4104: investigated: false @@ -22147,10 +22933,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"with Versa Concerto with Versa Analytics with Versa Concero Director"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22163,12 +22949,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-304 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Ansible Modules + product: Dell EMC PowerProtect Cyber Recovery cves: cve-2021-4104: investigated: false @@ -22180,7 +22966,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22198,7 +22984,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage integration for Splunk + product: Dell EMC PowerProtect Data Manager cves: cve-2021-4104: investigated: false @@ -22207,10 +22993,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All versions 19.9 and earlier fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22223,12 +23009,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-286. references: - - '' + - '[DSA-2021-286](https://www.dell.com/support/kbdoc/en-us/000194549/dsa-2021-286-dell-emc-power-protect-data-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Integration for VMware vCenter + product: Dell EMC PowerProtect DP Series Appliance (iDPA) cves: cve-2021-4104: investigated: false @@ -22237,10 +23023,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 2.7.0 and earlier fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22253,12 +23039,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA 2021-285. references: - - '' + - '[DSA-2021-285](https://www.dell.com/support/kbdoc/en-us/000194532/dsa-2021-285-dell-emc-integrated-data-protection-appliance-powerprotect-dp-series-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Management pack for vRealize Operations + product: Dell EMC PowerScale OneFS cves: cve-2021-4104: investigated: false @@ -22270,7 +23056,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22288,8 +23074,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC OpenManage Operations Connector for Micro Focus Operations Bridge - Manager + product: Dell EMC PowerShell for PowerMax cves: cve-2021-4104: investigated: false @@ -22301,7 +23086,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22319,7 +23104,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerFlex Appliance + product: Dell EMC PowerShell for Powerstore cves: cve-2021-4104: investigated: false @@ -22328,11 +23113,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"All versions up to Intelligent Catalog 38_356_00_r10.zip All versions - up to Intelligent Catalog 38_362_00_r7.zip"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22345,12 +23129,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerFlex Rack + product: Dell EMC PowerShell for Unity cves: cve-2021-4104: investigated: false @@ -22359,10 +23143,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - N/A + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22375,12 +23159,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerFlex Software (SDS) + product: Dell EMC PowerStore cves: cve-2021-4104: investigated: false @@ -22390,7 +23174,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"3.5 3.5.1 3.5.1.1 3.5.1.2 3.5.1.3 3.5.1.4 3.6 3.6.0.1 3.6.0.2"' + - Versions before 2.0.1.3-1538564 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -22405,12 +23189,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-295. references: - - '' + - '[DSA-2021-295](https://www.dell.com/support/kbdoc/en-us/000194739/dsa-2021-295-dell-emc-powerstore-family-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-and-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerPath + product: Dell EMC PowerSwitch Z9264F-ON BMC cves: cve-2021-4104: investigated: false @@ -22422,7 +23206,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22440,7 +23224,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerPath Management Appliance + product: Dell EMC PowerSwitch Z9432F-ON BMC cves: cve-2021-4104: investigated: false @@ -22452,7 +23236,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22470,7 +23254,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerProtect Cyber Recovery + product: Dell EMC PowerVault ME4 Series Storage Arrays cves: cve-2021-4104: investigated: false @@ -22482,7 +23266,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22500,7 +23284,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerProtect Data Manager + product: Dell EMC RecoverPoint cves: cve-2021-4104: investigated: false @@ -22510,7 +23294,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - All versions 19.9 and earlier + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -22525,12 +23309,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA 2021-284. references: - - '' + - '[DSA 2021-284](https://www.dell.com/support/kbdoc/en-us/000194531/dsa-2021-284-dell-emc-recoverpoint-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerProtect DP Series Appliance (iDPA) + product: Dell EMC Repository Manager (DRM) cves: cve-2021-4104: investigated: false @@ -22539,10 +23323,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.7.0 and earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22555,12 +23339,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerScale OneFS + product: Dell EMC Ruckus SmartZone 100 Controller cves: cve-2021-4104: investigated: false @@ -22570,9 +23354,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22585,12 +23369,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-303 references: - - '' + - '[DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerShell for PowerMax + product: Dell EMC Ruckus SmartZone 300 Controller cves: cve-2021-4104: investigated: false @@ -22600,9 +23384,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22615,12 +23399,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-303 references: - - '' + - '[DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerShell for Powerstore + product: Dell EMC Ruckus Virtual Software cves: cve-2021-4104: investigated: false @@ -22630,9 +23414,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22645,12 +23429,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-303 references: - - '' + - '[DSA-2021-303](https://www.dell.com/support/kbdoc/en-us/000194616/dsa-2021-303-dell-emc-ruckus-wireless-controller-and-virtual-software-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerShell for Unity + product: Dell EMC SourceOne cves: cve-2021-4104: investigated: false @@ -22662,7 +23446,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22680,7 +23464,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerStore + product: Dell EMC SRM cves: cve-2021-4104: investigated: false @@ -22688,9 +23472,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Versions before 4.6.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -22704,12 +23489,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: See DSA-2021-301. references: - - '' + - '[DSA-2021-301](https://www.dell.com/support/kbdoc/en-us/000194613/dsa-2021-301)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerVault MD3 Series Storage Arrays + product: Dell EMC Streaming Data Platform cves: cve-2021-4104: investigated: false @@ -22718,10 +23503,14 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '1.1' + - '1.2' + - 1.2 HF1 + - '1.3' + - 1.3.1 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22734,12 +23523,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-297. references: - - '' + - '[DSA-2021-297](https://www.dell.com/support/kbdoc/en-us/000194627/dsa-2021-297-dell-emc-streaming-data-platform-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC PowerVault ME4 Series Storage Arrays + product: Dell EMC Systems Update (DSU) cves: cve-2021-4104: investigated: false @@ -22751,7 +23540,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22769,7 +23558,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC RecoverPoint Classic + product: Dell EMC Unisphere 360 cves: cve-2021-4104: investigated: false @@ -22778,10 +23567,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All 5.1.x and later versions + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22794,12 +23583,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC RecoverPoint for Virtual Machine + product: Dell EMC Unity cves: cve-2021-4104: investigated: false @@ -22808,9 +23597,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All 5.0.x and later versions - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -22824,12 +23613,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-294. references: - - '' + - '[DSA-2021-294](https://www.dell.com/support/kbdoc/en-us/000194826/dsa-2021-294-dell-emc-unity-dell-emc-unityvsa-and-dell-emc-unity-xt-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Repository Manager (DRM) + product: Dell EMC Virtual Storage Integrator cves: cve-2021-4104: investigated: false @@ -22841,7 +23630,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22859,7 +23648,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Ruckus SmartZone 100 Controller + product: Dell EMC VPLEX cves: cve-2021-4104: investigated: false @@ -22867,10 +23656,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -22883,12 +23673,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Ruckus SmartZone 300 Controller + product: Dell EMC vProtect cves: cve-2021-4104: investigated: false @@ -22896,8 +23686,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 19.5-19.9 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -22912,12 +23703,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + notes: See DSA-2022-007. references: - - '' + - '[DSA-2022-007](https://www.dell.com/support/kbdoc/en-us/000195003/title-dsa-2022-007-dell-emc-vprotect-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Ruckus Virtual Software + product: Dell EMC VxRail cves: cve-2021-4104: investigated: false @@ -22925,8 +23716,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 4.5.x + - 4.7.x + - 7.0.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -22941,12 +23735,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-303 + notes: See DSA-2021-265. references: - - '' + - '[DSA-2021-265](https://www.dell.com/support/kbdoc/en-us/000194466/dsa-2021-265-dell-emc-vxrail-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC SourceOne + product: Dell EMC XC cves: cve-2021-4104: investigated: false @@ -22955,10 +23749,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - '' fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -22971,12 +23765,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-311. references: - - '' + - '[DSA-2021-311](https://www.dell.com/support/kbdoc/en-us/000194822/dsa-2021-311-dell-emc-xc-series-and-core-appliance-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC SRM vApp + product: Dell EMC XtremIO cves: cve-2021-4104: investigated: false @@ -22985,10 +23779,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions before 4.6.0.2 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23001,12 +23795,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 1/25/2022 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Streaming Data Platform + product: Dell Encryption Enterprise* cves: cve-2021-4104: investigated: false @@ -23014,10 +23808,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23030,12 +23825,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/18/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Systems Update (DSU) + product: Dell Encryption Personal* cves: cve-2021-4104: investigated: false @@ -23047,7 +23842,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23065,7 +23860,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Unisphere 360 + product: Dell Endpoint Security Suite Enterprise* cves: cve-2021-4104: investigated: false @@ -23077,7 +23872,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23095,7 +23890,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Unity + product: Dell Hybrid Client cves: cve-2021-4104: investigated: false @@ -23103,10 +23898,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23119,12 +23915,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/29/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC Virtual Storage Integrator + product: Dell ImageAssist cves: cve-2021-4104: investigated: false @@ -23136,7 +23932,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23154,7 +23950,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC VPLEX + product: Dell Insights Client cves: cve-2021-4104: investigated: false @@ -23166,7 +23962,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23184,7 +23980,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC VxRail + product: Dell Linux Assistant cves: cve-2021-4104: investigated: false @@ -23193,10 +23989,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"4.5.x 4.7.x 7.0.x"' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23209,12 +24005,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell EMC XtremIO + product: Dell Memory Solutions cves: cve-2021-4104: investigated: false @@ -23226,7 +24022,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23244,7 +24040,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Encryption Enterprise* + product: Dell Mobile Connect cves: cve-2021-4104: investigated: false @@ -23256,7 +24052,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23274,7 +24070,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Encryption Personal* + product: Dell Monitor ISP (Windows/Mac/Linux) cves: cve-2021-4104: investigated: false @@ -23286,7 +24082,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23304,7 +24100,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Endpoint Security Suite Enterprise* + product: Dell Monitor SDK cves: cve-2021-4104: investigated: false @@ -23316,7 +24112,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23334,7 +24130,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Hybrid Client + product: Dell Networking X-Series cves: cve-2021-4104: investigated: false @@ -23346,7 +24142,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23364,7 +24160,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell ImageAssist + product: Dell OpenManage Change Management cves: cve-2021-4104: investigated: false @@ -23376,7 +24172,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23394,7 +24190,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Insights Client + product: Dell OpenManage Enterprise cves: cve-2021-4104: investigated: false @@ -23403,10 +24199,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions before 3.8.2 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23419,12 +24215,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-275 references: - - '' + - '[DSA-2021-275](https://www.dell.com/support/kbdoc/en-us/000194638/dsa-2021-275-dell-emc-openmanage-enterprise-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Linux Assistant + product: Dell OpenManage Enterprise CloudIQ plugin cves: cve-2021-4104: investigated: false @@ -23436,7 +24232,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23454,7 +24250,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Mobile Connect + product: Dell OpenManage Enterprise Modular cves: cve-2021-4104: investigated: false @@ -23463,10 +24259,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - Versions before 1.40.10 fixed_versions: [] - unaffected_versions: - - N/A + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -23479,12 +24275,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-268 references: - - '' + - '[DSA-2021-268](https://www.dell.com/support/kbdoc/en-us/000194625/dsa-2021-268-dell-emc-openmanage-enterprise-modular-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Monitor ISP (Windows/Mac/Linux) + product: Dell OpenManage Enterprise Power Manager plugin cves: cve-2021-4104: investigated: false @@ -23496,7 +24292,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23514,7 +24310,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Monitor SDK + product: Dell OpenManage Mobile cves: cve-2021-4104: investigated: false @@ -23526,7 +24322,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23544,7 +24340,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Networking X-Series + product: Dell OpenManage Server Administrator cves: cve-2021-4104: investigated: false @@ -23556,7 +24352,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23574,7 +24370,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Manage Mobile + product: Dell Optimizer cves: cve-2021-4104: investigated: false @@ -23586,7 +24382,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23604,7 +24400,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Manage Server Administrator + product: Dell OS Recovery Tool cves: cve-2021-4104: investigated: false @@ -23616,7 +24412,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23634,7 +24430,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Open Management Enterprise - Modular + product: Dell Peripheral Manager 1.4 / 1.5 for Windows cves: cve-2021-4104: investigated: false @@ -23643,10 +24439,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <1.40.10 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23659,12 +24455,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-268 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OpenManage Change Management + product: Dell Platform Service cves: cve-2021-4104: investigated: false @@ -23676,7 +24472,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23694,7 +24490,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OpenManage Enterprise Power Manager Plugin + product: Dell Power Manager cves: cve-2021-4104: investigated: false @@ -23706,7 +24502,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23724,7 +24520,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Optimizer + product: Dell Power Manager Lite cves: cve-2021-4104: investigated: false @@ -23736,7 +24532,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23754,7 +24550,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OS Recovery Tool + product: Dell Precision Optimizer cves: cve-2021-4104: investigated: false @@ -23766,7 +24562,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23784,7 +24580,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Peripheral Manager 1.4 / 1.5 for Windows + product: Dell Precision Optimizer for Linux cves: cve-2021-4104: investigated: false @@ -23796,7 +24592,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23814,7 +24610,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Platform Service + product: Dell Premier Color cves: cve-2021-4104: investigated: false @@ -23826,7 +24622,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23844,7 +24640,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Power Manager + product: Dell Recovery (Linux) cves: cve-2021-4104: investigated: false @@ -23856,7 +24652,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23874,7 +24670,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Power Manager Lite + product: Dell Remediation Platform cves: cve-2021-4104: investigated: false @@ -23886,7 +24682,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23904,7 +24700,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Precision Optimizer + product: Dell Remote Execution Engine (DRONE) cves: cve-2021-4104: investigated: false @@ -23916,7 +24712,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23934,7 +24730,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Precision Optimizer for Linux + product: Dell Security Advisory Update - DSA-2021-088 cves: cve-2021-4104: investigated: false @@ -23946,7 +24742,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23964,7 +24760,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Premier Color + product: Dell Security Management Server & Dell Security Management Server Virtual* cves: cve-2021-4104: investigated: false @@ -23976,7 +24772,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -23994,7 +24790,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Recovery (Linux) + product: Dell SupportAssist SOS cves: cve-2021-4104: investigated: false @@ -24006,7 +24802,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24024,7 +24820,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Remediation Platform + product: Dell Thin OS cves: cve-2021-4104: investigated: false @@ -24036,7 +24832,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24054,7 +24850,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Remote Execution Engine (DRONE) + product: Dell Threat Defense cves: cve-2021-4104: investigated: false @@ -24066,7 +24862,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24084,7 +24880,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Security Advisory Update - DSA-2021-088 + product: Dell True Color cves: cve-2021-4104: investigated: false @@ -24096,7 +24892,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24114,7 +24910,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Security Management Server & Dell Security Management Server Virtual* + product: Dell Trusted Device cves: cve-2021-4104: investigated: false @@ -24126,7 +24922,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24144,7 +24940,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell SupportAssist SOS + product: Dell Update cves: cve-2021-4104: investigated: false @@ -24156,7 +24952,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24174,7 +24970,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Thin OS + product: Dream Catcher cves: cve-2021-4104: investigated: false @@ -24186,7 +24982,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24204,7 +25000,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Threat Defense + product: DUP Creation Service cves: cve-2021-4104: investigated: false @@ -24216,7 +25012,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24234,7 +25030,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell True Color + product: DUP Framework (ISG) cves: cve-2021-4104: investigated: false @@ -24246,7 +25042,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24264,7 +25060,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Trusted Device + product: ECS cves: cve-2021-4104: investigated: false @@ -24274,9 +25070,14 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - 3.3.x + - 3.4.x + - 3.5.x + - 3.6.0.x + - 3.6.1.x + - 3.6.2.0 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -24289,12 +25090,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-273. references: - - '' + - '[DSA-2021-273](https://www.dell.com/support/kbdoc/en-us/000194612/dsa-2021-273-dell-emc-ecs-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell Update + product: Embedded NAS cves: cve-2021-4104: investigated: false @@ -24306,7 +25107,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24324,7 +25125,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: DellEMC OpenManage Enterprise Services + product: Embedded Service Enabler cves: cve-2021-4104: investigated: false @@ -24332,10 +25133,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24348,12 +25150,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/20/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dream Catcher + product: Enterprise Hybrid Cloud cves: cve-2021-4104: investigated: false @@ -24365,7 +25167,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24378,12 +25180,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-270. references: - - '' + - '[DSA-2021-270](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: DUP Creation Service + product: Equallogic PS cves: cve-2021-4104: investigated: false @@ -24395,7 +25197,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24413,7 +25215,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: DUP Framework (ISG) + product: Fluid FS cves: cve-2021-4104: investigated: false @@ -24425,7 +25227,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24443,7 +25245,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Embedded NAS + product: iDRAC Service Module (iSM) cves: cve-2021-4104: investigated: false @@ -24455,7 +25257,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24473,7 +25275,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Embedded Service Enabler + product: Infinity MLK (firmware) cves: cve-2021-4104: investigated: false @@ -24485,7 +25287,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24503,7 +25305,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Enterprise Hybrid Cloud + product: Integrated Dell Remote Access Controller (iDRAC) cves: cve-2021-4104: investigated: false @@ -24511,10 +25313,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24527,12 +25330,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '[link](https://www.dell.com/support/kbdoc/en-us/000194490/dsa-2021-270-enterprise-hybrid-cloud-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Equallogic PS + product: ISG Accelerators cves: cve-2021-4104: investigated: false @@ -24544,7 +25347,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24562,7 +25365,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Fluid FS + product: ISG Board & Electrical cves: cve-2021-4104: investigated: false @@ -24574,7 +25377,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24592,7 +25395,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: iDRAC Service Module (iSM) + product: ISG Drive & Storage Media cves: cve-2021-4104: investigated: false @@ -24604,7 +25407,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24622,7 +25425,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Infinity MLK (firmware) + product: IsilonSD Management Server cves: cve-2021-4104: investigated: false @@ -24634,7 +25437,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24652,7 +25455,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Integrated Dell Remote Access Controller (iDRAC) + product: IVE-WinDiag cves: cve-2021-4104: investigated: false @@ -24664,7 +25467,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24682,7 +25485,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: ISG Accelerators + product: Mainframe Enablers cves: cve-2021-4104: investigated: false @@ -24694,7 +25497,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24712,7 +25515,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: ISG Board & Electrical + product: MDS cves: cve-2021-4104: investigated: false @@ -24724,7 +25527,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24742,7 +25545,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: IsilonSD Management Server + product: My Dell cves: cve-2021-4104: investigated: false @@ -24754,7 +25557,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24772,7 +25575,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: IVE-WinDiag + product: MyDell Mobile cves: cve-2021-4104: investigated: false @@ -24784,7 +25587,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24802,7 +25605,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Mainframe Enablers + product: NetWorker Management Console cves: cve-2021-4104: investigated: false @@ -24814,7 +25617,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24832,7 +25635,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: My Dell + product: Networking BIOS cves: cve-2021-4104: investigated: false @@ -24844,7 +25647,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24862,7 +25665,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: MyDell Mobile + product: Networking DIAG cves: cve-2021-4104: investigated: false @@ -24874,7 +25677,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24892,7 +25695,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: NetWorker Management Console + product: Networking N-Series cves: cve-2021-4104: investigated: false @@ -24904,7 +25707,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24922,7 +25725,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking BIOS + product: Networking OS 10 cves: cve-2021-4104: investigated: false @@ -24934,7 +25737,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24952,7 +25755,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking DIAG + product: Networking OS 9 cves: cve-2021-4104: investigated: false @@ -24964,7 +25767,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24982,7 +25785,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking N-Series + product: Networking SD-WAN Edge SD-WAN cves: cve-2021-4104: investigated: false @@ -24994,7 +25797,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25012,7 +25815,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking OS 10 + product: Networking W-Series cves: cve-2021-4104: investigated: false @@ -25024,7 +25827,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25042,7 +25845,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking OS9 + product: Networking X-Series cves: cve-2021-4104: investigated: false @@ -25054,7 +25857,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25072,7 +25875,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking SD-WAN Edge SD-WAN + product: OMIMSSC (OpenManage Integration for Microsoft System Center) cves: cve-2021-4104: investigated: false @@ -25084,7 +25887,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25102,7 +25905,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking W-Series + product: OMNIA cves: cve-2021-4104: investigated: false @@ -25114,7 +25917,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25132,7 +25935,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking X-Series + product: OpenManage Connections - Nagios cves: cve-2021-4104: investigated: false @@ -25144,7 +25947,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25162,7 +25965,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OMIMSSC (OpenManage Integration for Microsoft System Center) + product: OpenManage Connections - ServiceNow cves: cve-2021-4104: investigated: false @@ -25174,7 +25977,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25192,7 +25995,8 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OMNIA + product: OpenManage Integration for Microsoft System Center for System Center + Operations Manager cves: cve-2021-4104: investigated: false @@ -25204,7 +26008,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25222,7 +26026,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Connections - Nagios + product: OpenManage Integration with Microsoft Windows Admin Center cves: cve-2021-4104: investigated: false @@ -25234,7 +26038,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25252,7 +26056,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Connections - ServiceNow + product: OpenManage Network Integration cves: cve-2021-4104: investigated: false @@ -25264,7 +26068,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25282,7 +26086,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Enterprise + product: OpenManage Power Center cves: cve-2021-4104: investigated: false @@ -25290,10 +26094,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25306,13 +26111,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Integration for Microsoft System Center for System Center - Operations Manager + product: PowerConnect N3200 cves: cve-2021-4104: investigated: false @@ -25324,7 +26128,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25342,7 +26146,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Integration with Microsoft Windows Admin Center + product: PowerConnect PC2800 cves: cve-2021-4104: investigated: false @@ -25354,7 +26158,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25372,7 +26176,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Network Integration + product: PowerConnect PC8100 cves: cve-2021-4104: investigated: false @@ -25384,7 +26188,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25402,7 +26206,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerConnect N3200 + product: PowerEdge Accelerator Solutions cves: cve-2021-4104: investigated: false @@ -25414,7 +26218,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25432,7 +26236,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerConnect PC2800 + product: PowerEdge BIOS cves: cve-2021-4104: investigated: false @@ -25444,7 +26248,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25462,7 +26266,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerConnect PC8100 + product: PowerEdge Networking Solutions cves: cve-2021-4104: investigated: false @@ -25474,7 +26278,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25492,7 +26296,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerEdge BIOS + product: PowerEdge Operating Systems cves: cve-2021-4104: investigated: false @@ -25504,7 +26308,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25522,7 +26326,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: PowerEdge Operating Systems + product: PowerEdge RAID Controller Solutions cves: cve-2021-4104: investigated: false @@ -25534,7 +26338,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25564,7 +26368,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25594,7 +26398,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25624,7 +26428,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25654,7 +26458,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25684,7 +26488,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25714,7 +26518,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25744,7 +26548,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25774,7 +26578,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25804,7 +26608,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25849,10 +26653,10 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-282 references: - - '' + - '[]' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Secure Connect Gateway (SCG) Policy Manager + product: Secure Connect Gateway (SCG) Appliance cves: cve-2021-4104: investigated: false @@ -25861,10 +26665,41 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"5.00.00.10 5.00.05.10"' + affected_versions: [] + fixed_versions: + - 5.00.00, 5.00.05, and 4.0.06 and earlier versions (OVF and VHD) + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-282 + references: + - '[DSA-2021-282](https://www.dell.com/support/kbdoc/en-us/000194624/dsa-2021-282-dell-emc-secure-connect-gateway-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Secure Connect Gateway (SCG) Policy Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 5.00.00.10 + - 5.00.05.10 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25879,7 +26714,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-281 references: - - '' + - '[DSA-2021-281](https://www.dell.com/support/kbdoc/en-us/000194539/dsa-2021-281-dell-emc-policy-manager-for-secure-connect-gateway-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Server Storage @@ -25894,7 +26729,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25924,7 +26759,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25954,7 +26789,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -25984,7 +26819,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26014,7 +26849,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26044,7 +26879,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26074,7 +26909,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26104,7 +26939,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26131,9 +26966,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '7' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '7.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -26147,9 +26982,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-287. references: - - '' + - '[DSA-2021-287](https://www.dell.com/support/kbdoc/en-us/000194544/dsa-2021-287-dell-emc-srs-policy-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: SRS VE @@ -26164,7 +26999,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26190,8 +27025,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 16.x + - 17.x + - 18.x + - 19.x + - 20.1.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -26206,9 +27046,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending + notes: See DSA-2021-310. references: - - '' + - '[DSA-2021-310](https://www.dell.com/support/kbdoc/en-us/000194790/dsa-2021-310-storage-center-dell-storage-manager-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Storage Center OS and additional SC applications unless otherwise noted @@ -26223,7 +27063,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26253,7 +27093,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26283,7 +27123,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26309,8 +27149,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 2.0.70 and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -26325,9 +27166,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/23/21 + notes: See DSA-2021-283. references: - - '' + - '[DSA-2021-283](https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: UCC Edge @@ -26342,7 +27183,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26368,9 +27209,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Versions before 4.0 SP 9.2 (4.0.9.1541235) unaffected_versions: [] cve-2021-45046: investigated: false @@ -26384,9 +27226,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 1/10/2022 + notes: See DSA-2021-296. references: - - '' + - '[DSA-2021-296](https://www.dell.com/support/kbdoc/en-us/000194874/dsa-2021-296-dell-emc-unisphere-central-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228-cve-2021-45046-and-cve-2021-45105)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Unisphere for PowerMax @@ -26401,7 +27243,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26431,7 +27273,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26461,7 +27303,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26491,7 +27333,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26521,7 +27363,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26547,8 +27389,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -26563,9 +27406,10 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending See vce6771 (requires customer login) + notes: Patch pending See vce6771 (requires customer login). This advisory is available + to customer only and has not been reviewed by CISA. references: - - '' + - '[vce6771](https://support-dellemc-com.secure.force.com/)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: ViPR Controller @@ -26580,7 +27424,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26608,7 +27452,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"8.2 8.3 8.4 8.5 and 8.6"' + - 8.2 8.3 8.4 8.5 and 8.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -26638,7 +27482,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '"8.2 8.3 8.4 8.5 and 8.6"' + - 8.2 8.3 8.4 8.5 and 8.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -26658,7 +27502,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNX1 + product: VNX Control Station cves: cve-2021-4104: investigated: false @@ -26670,7 +27514,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26688,7 +27532,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNX2 + product: VNX1 cves: cve-2021-4104: investigated: false @@ -26700,7 +27544,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26718,7 +27562,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNXe 1600 + product: VNX2 cves: cve-2021-4104: investigated: false @@ -26727,10 +27571,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Versions 3.1.16.10220572 and earlier + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26743,12 +27587,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VNXe 3200 + product: VNXe 1600 cves: cve-2021-4104: investigated: false @@ -26757,9 +27601,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Version 3.1.15.10216415 and earlier - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Versions 3.1.16.10220572 and earlier unaffected_versions: [] cve-2021-45046: investigated: false @@ -26773,12 +27617,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: See DSA-2021-299 references: - - '' + - '[DSA-2021-299](https://www.dell.com/support/kbdoc/en-us/000194605/dsa-2021-299-dell-emc-vnxe1600-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228?lang=en)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: VPLEX VS2/VS6 / VPLEX Witness + product: VNXe 3200 cves: cve-2021-4104: investigated: false @@ -26788,9 +27632,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - N/A + fixed_versions: + - Version 3.1.15.10216415 and earlier + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -26803,12 +27647,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' + notes: See DSA-2021-298 references: - - '' + - '[DSA-2021-298](https://www.dell.com/support/kbdoc/en-us/000194606/dsa-2021-298-dell-emc-vnxe3200-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228?lang=en)' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRealize Data Protection Extension Data Management + product: VPLEX VS2/VS6 / VPLEX Witness cves: cve-2021-4104: investigated: false @@ -26816,10 +27660,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -26832,12 +27677,12 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: vRealize Data Protection Extension for vRealize Automation (vRA) 8.x + product: vRealize Data Protection Extension Data Management cves: cve-2021-4104: investigated: false @@ -26846,9 +27691,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '"version 19.6 version 19.7 version 19.8 and version 19.9"' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -26862,9 +27707,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch expected by 12/19/21 + notes: See DSA-2021-290. references: - - '' + - '[DSA-2021-290](https://www.dell.com/support/kbdoc/en-us/000194614/dsa-2021-290-dell-emc-vrealize-data-protection-extension-for-vrealize-automation-vra-8-x-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: vRealize Orchestrator (vRO) Plug-ins for Dell EMC Storage @@ -26876,9 +27721,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Various - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -26892,9 +27737,9 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-300 + notes: See DSA-2021-300. references: - - '' + - '[DSA-2021-300](https://www.dell.com/support/kbdoc/en-us/000194610/dsa-2021-300)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: vRO Plugin for Dell EMC PowerMax @@ -26906,9 +27751,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Version 1.2.3 or earlier - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -26936,9 +27781,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - Version 1.1.0 or earlier - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -27059,7 +27904,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27085,7 +27930,7 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -27101,9 +27946,10 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '"Patch pending See vce6771 (requires customer login) "' + notes: Patch pending See vce6771 (requires customer login). This advisory is available + to customer only and has not been reviewed by CISA. references: - - '' + - '[vce6771](https://support-dellemc-com.secure.force.com/)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Warnado MLK (firmware) @@ -27118,7 +27964,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27145,9 +27991,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <3.5 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - < 3.5 unaffected_versions: [] cve-2021-45046: investigated: false @@ -27163,7 +28009,7 @@ software: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability notes: See DSA-2021-267 references: - - '' + - '[DSA-2021-267](https://www.dell.com/support/kbdoc/en-us/000194459/dsa-2021-267-dell-wyse-management-suite-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Wyse Proprietary OS (ThinOS) @@ -27178,7 +28024,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27208,7 +28054,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - N/A + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27256,7 +28102,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Denequa - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -27285,7 +28131,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Device42 - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -27293,10 +28139,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27314,7 +28161,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Devolutions - product: All products + product: All cves: cve-2021-4104: investigated: false @@ -27322,10 +28169,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27343,7 +28191,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Diebold Nixdorf - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -27380,10 +28228,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27409,10 +28258,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27438,10 +28288,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27467,10 +28318,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27496,10 +28348,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27525,10 +28378,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27554,10 +28408,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27583,10 +28438,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27612,10 +28468,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27641,10 +28498,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27670,10 +28528,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27699,10 +28558,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27728,10 +28588,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27757,10 +28618,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27786,10 +28648,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27815,10 +28678,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27844,10 +28708,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27873,10 +28738,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27902,10 +28768,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27931,10 +28798,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi EX routers + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27952,7 +28850,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi EX routers + product: Digi IX routers cves: cve-2021-4104: investigated: false @@ -27960,10 +28858,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi LR54 + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -27981,7 +28910,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi IX routers + product: Digi Navigator cves: cve-2021-4104: investigated: false @@ -27989,10 +28918,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi One family + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28010,7 +28970,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi LR54 + product: Digi Passport family cves: cve-2021-4104: investigated: false @@ -28018,10 +28978,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.digi.com/resources/security + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Digi International + product: Digi PortServer TS family + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28039,7 +29030,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Navigator + product: Digi Remote Manager cves: cve-2021-4104: investigated: false @@ -28047,10 +29038,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28068,7 +29060,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi One family + product: Digi TX routers cves: cve-2021-4104: investigated: false @@ -28076,10 +29068,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28097,7 +29090,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Passport family + product: Digi WR11 cves: cve-2021-4104: investigated: false @@ -28105,10 +29098,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28126,7 +29120,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi PortServer TS family + product: Digi WR21 cves: cve-2021-4104: investigated: false @@ -28134,10 +29128,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28155,7 +29150,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi Remote Manager + product: Digi WR31 cves: cve-2021-4104: investigated: false @@ -28163,10 +29158,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28184,7 +29180,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi TX routers + product: Digi WR44R/RR cves: cve-2021-4104: investigated: false @@ -28192,10 +29188,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28213,7 +29210,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR11 + product: Digi WR54 cves: cve-2021-4104: investigated: false @@ -28221,10 +29218,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28242,7 +29240,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR21 + product: Digi WR64 cves: cve-2021-4104: investigated: false @@ -28250,10 +29248,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28271,7 +29270,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR31 + product: Digi Xbee mobile app cves: cve-2021-4104: investigated: false @@ -28279,10 +29278,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28300,7 +29300,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR44R/RR + product: Lighthouse cves: cve-2021-4104: investigated: false @@ -28308,10 +29308,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28329,7 +29330,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR54 + product: Realport cves: cve-2021-4104: investigated: false @@ -28337,10 +29338,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28358,7 +29360,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Digi International - product: Digi WR64 + product: Remote Hub Config Utility cves: cve-2021-4104: investigated: false @@ -28366,10 +29368,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28386,8 +29389,8 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Digi Xbee mobile app + - vendor: Digicert + product: All cves: cve-2021-4104: investigated: false @@ -28410,13 +29413,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://knowledge.digicert.com/alerts/digicert-log4j-response.html notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Lighthouse + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Digital AI + product: All cves: cve-2021-4104: investigated: false @@ -28439,13 +29442,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security + - https://support.digital.ai/hc/en-us/articles/4412377686674-Log4J-Vulnerability-to-Zero-Day-Exploit-and-Digital-ai#overview-0-1 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Realport + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Digital Alert Systems + product: All cves: cve-2021-4104: investigated: false @@ -28468,13 +29471,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security - notes: '' + - https://www.digitalalertsystems.com/default-2.htm + notes: Formerly Monroe Electronics, Inc. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digi International - product: Remote Hub Config Utility + last_updated: '2022-01-05T00:00:00' + - vendor: DirectAdmin + product: All cves: cve-2021-4104: investigated: false @@ -28482,10 +29485,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28497,13 +29501,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digi.com/resources/security - notes: '' + - https://forum.directadmin.com/threads/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare.65173/#post-339723 + notes: Invidivual plugins not developed as part of DirectAdmin core may be vulnerable. references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Digicert - product: '' + last_updated: '2022-01-05T00:00:00' + - vendor: DNSFilter + product: All cves: cve-2021-4104: investigated: false @@ -28526,13 +29530,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://knowledge.digicert.com/alerts/digicert-log4j-response.html + - https://www.dnsfilter.com/blog/dnsfilter-response-to-log4j-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Digital AI - product: '' + - vendor: Docker + product: Infrastructure cves: cve-2021-4104: investigated: false @@ -28540,10 +29544,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28555,12 +29560,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.digital.ai/hc/en-us/articles/4412377686674-Log4J-Vulnerability-to-Zero-Day-Exploit-and-Digital-ai#overview-0-1 - notes: '' + - https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/ + notes: Docker infrastructure not vulnerable, Docker images could be vulnerable. + For more info see source. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Digital Alert Systems + - vendor: Docusign product: All cves: cve-2021-4104: @@ -28584,13 +29590,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.digitalalertsystems.com/default-2.htm - notes: Formerly Monroe Electronics, Inc. + - https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability + notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: DNSFilter - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: DotCMS + product: Hybrid Content Management System cves: cve-2021-4104: investigated: false @@ -28598,9 +29604,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -28613,13 +29620,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.dnsfilter.com/blog/dnsfilter-response-to-log4j-vulnerability + - https://github.com/dotCMS/core/issues/21393 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Docker - product: '' + - vendor: DrayTek + product: All cves: cve-2021-4104: investigated: false @@ -28627,10 +29634,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28642,13 +29650,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/ + - https://www.draytek.com/about/security-advisory/log4shell-vulnerability-(cve-2021-44228)/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Docusign - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: Dropwizard + product: All cves: cve-2021-4104: investigated: false @@ -28656,10 +29664,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28671,14 +29680,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.docusign.com/trust/alerts/alert-docusign-statement-on-the-log4j2-vulnerability - notes: '' + - https://twitter.com/dropwizardio/status/1469285337524580359 + notes: Only vulnerable if you manually added Log4j. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: DrayTek - product: Vigor Routers, Access Points, Switches, VigorACS Central Management Software, - MyVigor Platform + last_updated: '2021-12-15T00:00:00' + - vendor: Dräger + product: All cves: cve-2021-4104: investigated: false @@ -28686,10 +29694,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28701,13 +29710,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.draytek.com/about/security-advisory/log4shell-vulnerability-(cve-2021-44228)/ + - https://static.draeger.com/security notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: DSpace - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -28744,9 +29753,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -28765,7 +29775,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Dynatrace - product: Dynatrace Extensions + product: Cloud Services cves: cve-2021-4104: investigated: false @@ -28773,10 +29783,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/ + notes: Please see Dynatrace Communication for details + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Dynatrace + product: Extensions + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -28802,9 +29843,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -28831,10 +29873,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28860,10 +29903,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28889,9 +29933,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -28918,9 +29963,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -28947,9 +29993,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false diff --git a/data/cisagov_D.yml b/data/cisagov_D.yml index 3bfc34b..3bd65f6 100644 --- a/data/cisagov_D.yml +++ b/data/cisagov_D.yml @@ -74,7 +74,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - 'DWP-1000' + - DWP-1000 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -166,7 +166,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'P10' + - P10 cve-2021-45046: investigated: false affected_versions: [] @@ -196,13 +196,13 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'AMP-R200' - - 'AMP-R400' - - 'AMP-R800' - - 'AMP-SM100' - - 'AMP-SE100' - - 'AMP-SM200' - - 'AMP-SM400' + - AMP-R200 + - AMP-R400 + - AMP-R800 + - AMP-SM100 + - AMP-SE100 + - AMP-SM200 + - AMP-SM400 cve-2021-45046: investigated: false affected_versions: [] @@ -244,8 +244,8 @@ software: unaffected_versions: [] vendor_links: - https://www.daktronics.com/en-us/support/kb/000025337 - notes: DMS Web Player not present in our codebase, but awaiting confirmation - from LG re webOS platform. + notes: DMS Web Player not present in our codebase, but awaiting confirmation from + LG re webOS platform. references: - '' last_updated: '2022-01-06T00:00:00' @@ -262,7 +262,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'A-3257' + - A-3257 - '3256' - '2270' - '2269' @@ -296,7 +296,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'A-3189335' + - A-3189335 - '3128' - '3416' - '3418' @@ -332,7 +332,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'A-4036028' + - A-4036028 cve-2021-45046: investigated: false affected_versions: [] @@ -362,7 +362,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'A-3665' + - A-3665 cve-2021-45046: investigated: false affected_versions: [] @@ -390,7 +390,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - 'A-3350704' + - A-3350704 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -612,7 +612,8 @@ software: unaffected_versions: [] vendor_links: - https://customerportal.darktrace.com/inside-the-soc/get-article/201 - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -641,7 +642,8 @@ software: unaffected_versions: [] vendor_links: - https://kb.dsxclient.3ds.com/mashup-ui/page/resultqa?id=QA00000102301e - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -688,9 +690,9 @@ software: affected_versions: [] fixed_versions: - '>=6.17.0' - - '<=6.32.2' + - <=6.32.2 - '>=7.17.0' - - '<=7.32.2' + - <=7.32.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -721,7 +723,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 1.0.2' + - < 1.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -752,7 +754,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 1.0.2' + - < 1.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -766,7 +768,8 @@ software: unaffected_versions: [] vendor_links: - https://www.datadoghq.com/log4j-vulnerability/ - notes: Following AWS recommendation, library updated using the latest version of amazon-lambda-java-log4j2 (1.4.0). + notes: Following AWS recommendation, library updated using the latest version + of amazon-lambda-java-log4j2 (1.4.0). references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -989,25 +992,25 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All vendor_links: - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 notes: '' @@ -1022,25 +1025,25 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All vendor_links: - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 notes: '' @@ -1055,25 +1058,25 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All vendor_links: - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 notes: '' @@ -1088,25 +1091,25 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All vendor_links: - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 notes: '' @@ -1121,25 +1124,25 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45105: investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All vendor_links: - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 notes: '' @@ -1154,12 +1157,12 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -1173,7 +1176,8 @@ software: unaffected_versions: [] vendor_links: - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 - notes: The solution contains Elasticsearch (vulnerable). Mitigating actions available on our WIKI. + notes: The solution contains Elasticsearch (vulnerable). Mitigating actions available + on our WIKI. references: - '' last_updated: '2022-02-01T07:18:50+00:00' @@ -1185,12 +1189,12 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-44228: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -1204,7 +1208,8 @@ software: unaffected_versions: [] vendor_links: - https://decos.freshdesk.com/nl/support/solutions/articles/17000121598 - notes: The SaaS hosted solution contains Logstash + Elasticsearch (vulnerable). Mitigating actions taken. + notes: The SaaS hosted solution contains Logstash + Elasticsearch (vulnerable). + Mitigating actions taken. references: - '' last_updated: '2022-02-01T07:18:50+00:00' @@ -1699,6 +1704,37 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Client Platforms (Latitude, OptiPlex, Alienware, Inspiron, Precision, + XPS, Vostro, ChengMing) BIOS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Cloud IQ cves: @@ -1907,8 +1943,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - 'Versions prior to 11.5(1x)' + affected_versions: Versions prior to 11.5(1x) fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2060,7 +2095,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'Versions from 7.3.0.5 to 7.7.0.6' + - Versions from 7.3.0.5 to 7.7.0.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2229,36 +2264,6 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Client Platforms (Latitude, OptiPlex, Alienware, Inspiron, Precision, XPS, Vostro, ChengMing) BIOS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell Cloud Command Repository Manager cves: @@ -2994,7 +2999,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'Versions from 19.6 and later' + - Versions from 19.6 and later fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3145,14 +3150,14 @@ software: investigated: true affected_versions: [] fixed_versions: - - '18.x (or earlier) -standalone DPA is EOSL' - - '18.2.x (IDPA)' - - '19.1.x' - - '19.2.x' - - '19.3.x' - - '19.4.x' - - '19.5.x' - - '19.6.0' + - 18.x (or earlier) -standalone DPA is EOSL + - 18.2.x (IDPA) + - 19.1.x + - 19.2.x + - 19.3.x + - 19.4.x + - 19.5.x + - 19.6.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -3182,8 +3187,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - '18.2.x-19.4.x' - - '19.5.0-19.5.0.7' + - 18.2.x-19.4.x + - 19.5.0-19.5.0.7 unaffected_versions: [] cve-2021-45046: investigated: false @@ -3212,7 +3217,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'Versions before 19.6' + - Versions before 19.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3302,9 +3307,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - '<6.0.0' - - '6.1.0' - - '6.2.x' + - <6.0.0 + - 6.1.0 + - 6.2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3487,7 +3492,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'Versions before 7.0.1 P2' + - Versions before 7.0.1 P2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3517,8 +3522,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - '19.4.x' - - '19.5.x' + - 19.4.x + - 19.5.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3548,8 +3553,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - '19.4.x' - - '19.5.x' + - 19.4.x + - 19.5.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3658,66 +3663,6 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell OpenManage Enterprise - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 'Versions before 3.8.2' - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-275 - references: - - '[DSA-2021-275](https://www.dell.com/support/kbdoc/en-us/000194638/dsa-2021-275-dell-emc-openmanage-enterprise-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' - last_updated: '2021-12-15T00:00:00' - - vendor: Dell - product: Dell OpenManage Enterprise Modular - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 'Versions before 1.40.10' - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: See DSA-2021-268 - references: - - '[DSA-2021-268](https://www.dell.com/support/kbdoc/en-us/000194625/dsa-2021-268-dell-emc-openmanage-enterprise-modular-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' - last_updated: '2021-12-15T00:00:00' - vendor: Dell product: Dell EMC OpenManage Enterprise Services cves: @@ -3729,7 +3674,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'Version 1.2 and earlier' + - Version 1.2 and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3910,10 +3855,10 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'RCM 3.3 train - all versions up to 3.3.11.0' - - 'RCM 3.4 train - all versions up to 3.4.6.0' - - 'RCM 3.5 train - all versions up to 3.5.6.0' - - 'RCM 3.6 train - all versions up to 3.6.2.0' + - RCM 3.3 train - all versions up to 3.3.11.0 + - RCM 3.4 train - all versions up to 3.4.6.0 + - RCM 3.5 train - all versions up to 3.5.6.0 + - RCM 3.6 train - all versions up to 3.6.2.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3944,14 +3889,14 @@ software: investigated: true affected_versions: - '3.5' - - '3.5.1' - - '3.5.1.1' - - '3.5.1.2' - - '3.5.1.3' - - '3.5.1.4' + - 3.5.1 + - 3.5.1.1 + - 3.5.1.2 + - 3.5.1.3 + - 3.5.1.4 - '3.6' - - '3.6.0.1' - - '3.6.0.2' + - 3.6.0.1 + - 3.6.0.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4071,7 +4016,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'All versions 19.9 and earlier' + - All versions 19.9 and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4101,7 +4046,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '2.7.0 and earlier' + - 2.7.0 and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4251,7 +4196,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'Versions before 2.0.1.3-1538564' + - Versions before 2.0.1.3-1538564 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4371,7 +4316,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'All' + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4552,7 +4497,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'Versions before 4.6.0.2' + - Versions before 4.6.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -4583,9 +4528,9 @@ software: affected_versions: - '1.1' - '1.2' - - '1.2 HF1' + - 1.2 HF1 - '1.3' - - '1.3.1' + - 1.3.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4765,7 +4710,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '19.5-19.9' + - 19.5-19.9 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4795,9 +4740,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - '4.5.x' - - '4.7.x' - - '7.0.x' + - 4.5.x + - 4.7.x + - 7.0.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -5237,7 +5182,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OpenManage Mobile + product: Dell OpenManage Change Management cves: cve-2021-4104: investigated: false @@ -5267,7 +5212,37 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OpenManage Server Administrator + product: Dell OpenManage Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Versions before 3.8.2 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-275 + references: + - '[DSA-2021-275](https://www.dell.com/support/kbdoc/en-us/000194638/dsa-2021-275-dell-emc-openmanage-enterprise-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell OpenManage Enterprise CloudIQ plugin cves: cve-2021-4104: investigated: false @@ -5297,7 +5272,37 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OpenManage Change Management + product: Dell OpenManage Enterprise Modular + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Versions before 1.40.10 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability + notes: See DSA-2021-268 + references: + - '[DSA-2021-268](https://www.dell.com/support/kbdoc/en-us/000194625/dsa-2021-268-dell-emc-openmanage-enterprise-modular-security-update-for-apache-log4j-remote-code-execution-vulnerability-cve-2021-44228)' + last_updated: '2021-12-15T00:00:00' + - vendor: Dell + product: Dell OpenManage Enterprise Power Manager plugin cves: cve-2021-4104: investigated: false @@ -5327,7 +5332,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OpenManage Enterprise Power Manager plugin + product: Dell OpenManage Mobile cves: cve-2021-4104: investigated: false @@ -5357,7 +5362,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Dell OpenManage Enterprise CloudIQ plugin + product: Dell OpenManage Server Administrator cves: cve-2021-4104: investigated: false @@ -6088,12 +6093,12 @@ software: investigated: true affected_versions: [] fixed_versions: - - '3.3.x' - - '3.4.x' - - '3.5.x' - - '3.6.0.x' - - '3.6.1.x' - - '3.6.2.0' + - 3.3.x + - 3.4.x + - 3.5.x + - 3.6.0.x + - 3.6.1.x + - 3.6.2.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6742,7 +6747,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking OS 9 + product: Networking OS 10 cves: cve-2021-4104: investigated: false @@ -6772,7 +6777,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: Networking OS 10 + product: Networking OS 9 cves: cve-2021-4104: investigated: false @@ -7012,7 +7017,8 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Dell - product: OpenManage Integration for Microsoft System Center for System Center Operations Manager + product: OpenManage Integration for Microsoft System Center for System Center + Operations Manager cves: cve-2021-4104: investigated: false @@ -7683,7 +7689,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '5.00.00, 5.00.05, and 4.0.06 and earlier versions (OVF and VHD)' + - 5.00.00, 5.00.05, and 4.0.06 and earlier versions (OVF and VHD) unaffected_versions: [] cve-2021-45046: investigated: false @@ -7713,8 +7719,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - '5.00.00.10' - - '5.00.05.10' + - 5.00.00.10 + - 5.00.05.10 unaffected_versions: [] cve-2021-45046: investigated: false @@ -8043,11 +8049,11 @@ software: cve-2021-44228: investigated: true affected_versions: - - '16.x' - - '17.x' - - '18.x' - - '19.x' - - '20.1.1' + - 16.x + - 17.x + - 18.x + - 19.x + - 20.1.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8167,7 +8173,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '2.0.70 and earlier' + - 2.0.70 and earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8228,7 +8234,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'Versions before 4.0 SP 9.2 (4.0.9.1541235)' + - Versions before 4.0 SP 9.2 (4.0.9.1541235) unaffected_versions: [] cve-2021-45046: investigated: false @@ -8422,7 +8428,8 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending See vce6771 (requires customer login). This advisory is available to customer only and has not been reviewed by CISA. + notes: Patch pending See vce6771 (requires customer login). This advisory is available + to customer only and has not been reviewed by CISA. references: - '[vce6771](https://support-dellemc-com.secure.force.com/)' last_updated: '2021-12-15T00:00:00' @@ -8467,7 +8474,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '8.2 8.3 8.4 8.5 and 8.6' + - 8.2 8.3 8.4 8.5 and 8.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8497,7 +8504,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '8.2 8.3 8.4 8.5 and 8.6' + - 8.2 8.3 8.4 8.5 and 8.6 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8618,7 +8625,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'Versions 3.1.16.10220572 and earlier' + - Versions 3.1.16.10220572 and earlier unaffected_versions: [] cve-2021-45046: investigated: false @@ -8648,7 +8655,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'Version 3.1.15.10216415 and earlier' + - Version 3.1.15.10216415 and earlier unaffected_versions: [] cve-2021-45046: investigated: false @@ -8768,7 +8775,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'Version 1.2.3 or earlier' + - Version 1.2.3 or earlier unaffected_versions: [] cve-2021-45046: investigated: false @@ -8798,7 +8805,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'Version 1.1.0 or earlier' + - Version 1.1.0 or earlier unaffected_versions: [] cve-2021-45046: investigated: false @@ -8827,7 +8834,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'Version 1.1.4 or earlier' + - Version 1.1.4 or earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8857,7 +8864,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'Version 1.0.6 or earlier' + - Version 1.0.6 or earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8887,7 +8894,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'Version 4.1.2 or earlier' + - Version 4.1.2 or earlier fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8961,7 +8968,8 @@ software: unaffected_versions: [] vendor_links: - https://www.dell.com/support/kbdoc/en-us/000194414/dell-response-to-apache-log4j-remote-code-execution-vulnerability - notes: Patch pending See vce6771 (requires customer login). This advisory is available to customer only and has not been reviewed by CISA. + notes: Patch pending See vce6771 (requires customer login). This advisory is available + to customer only and has not been reviewed by CISA. references: - '[vce6771](https://support-dellemc-com.secure.force.com/)' last_updated: '2021-12-15T00:00:00' @@ -9007,7 +9015,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 3.5' + - < 3.5 unaffected_versions: [] cve-2021-45046: investigated: false @@ -10575,7 +10583,8 @@ software: unaffected_versions: [] vendor_links: - https://www.docker.com/blog/apache-log4j-2-cve-2021-44228/ - notes: Docker infrastructure not vulnerable, Docker images could be vulnerable. For more info see source. + notes: Docker infrastructure not vulnerable, Docker images could be vulnerable. + For more info see source. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -10638,7 +10647,7 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Dräger + - vendor: DrayTek product: All cves: cve-2021-4104: @@ -10663,12 +10672,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://static.draeger.com/security + - https://www.draytek.com/about/security-advisory/log4shell-vulnerability-(cve-2021-44228)/ notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: DrayTek + - vendor: Dropwizard product: All cves: cve-2021-4104: @@ -10693,12 +10702,12 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.draytek.com/about/security-advisory/log4shell-vulnerability-(cve-2021-44228)/ - notes: '' + - https://twitter.com/dropwizardio/status/1469285337524580359 + notes: Only vulnerable if you manually added Log4j. references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Dropwizard + - vendor: Dräger product: All cves: cve-2021-4104: @@ -10723,8 +10732,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://twitter.com/dropwizardio/status/1469285337524580359 - notes: Only vulnerable if you manually added Log4j. + - https://static.draeger.com/security + notes: '' references: - '' last_updated: '2021-12-15T00:00:00' From d0c7ae887e5b9b9e4ba1ace38a236dd154fb07f2 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 3 Feb 2022 16:27:52 -0500 Subject: [PATCH 157/268] Add Jamf products --- data/cisagov_J.yml | 310 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 305 insertions(+), 5 deletions(-) diff --git a/data/cisagov_J.yml b/data/cisagov_J.yml index d58b98c..34af78e 100644 --- a/data/cisagov_J.yml +++ b/data/cisagov_J.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: Jamasoftware - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -34,7 +34,97 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jamf - product: Jamf Pro + product: Jamf Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Data Policy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Health Care Listener cves: cve-2021-4104: investigated: false @@ -43,10 +133,220 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 10.31.0 – 10.34.0 + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Infrastructure Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Now + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Private Access + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Pro (On-Prem) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '10.34.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Protect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf School + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Threat Defense + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -94,7 +394,7 @@ software: - '' last_updated: '2022-01-05T00:00:00' - vendor: Jaspersoft - product: '' + product: All cves: cve-2021-4104: investigated: false From e72cc361779f6034ce1535a233237d32421ef0ef Mon Sep 17 00:00:00 2001 From: Lcerkov <96153185+Lcerkov@users.noreply.github.com> Date: Fri, 4 Feb 2022 11:53:04 -0500 Subject: [PATCH 158/268] Update SOFTWARE-LIST.tpl.md Clarifying acronym --- config/SOFTWARE-LIST.tpl.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/SOFTWARE-LIST.tpl.md b/config/SOFTWARE-LIST.tpl.md index 581ca18..6dc7340 100644 --- a/config/SOFTWARE-LIST.tpl.md +++ b/config/SOFTWARE-LIST.tpl.md @@ -16,7 +16,7 @@ This list has been populated using information from the following sources: - Kevin Beaumont - SwitHak -- NCSC-NL +- National Cyber Security Centre - Netherlands (NCSC-NL) NOTE: This file is automatically generated. To submit updates, please refer to [`CONTRIBUTING.md`](CONTRIBUTING.md). From 8972b49b656bd5cd829df542f9d05751ce51a7e3 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Fri, 4 Feb 2022 16:56:59 +0000 Subject: [PATCH 159/268] Update the software list --- SOFTWARE-LIST.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index c55f6c9..5ba3031 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -16,7 +16,7 @@ This list has been populated using information from the following sources: - Kevin Beaumont - SwitHak -- NCSC-NL +- National Cyber Security Centre - Netherlands (NCSC-NL) NOTE: This file is automatically generated. To submit updates, please refer to [`CONTRIBUTING.md`](CONTRIBUTING.md). From 79b24dbfbae6d16200a19fdc00bccf6e3896ca31 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 4 Feb 2022 12:46:03 -0500 Subject: [PATCH 160/268] Update JetBrains, JFrog --- data/cisagov_J.yml | 113 +++++++++++++++++++++++++++++++++++---------- 1 file changed, 88 insertions(+), 25 deletions(-) diff --git a/data/cisagov_J.yml b/data/cisagov_J.yml index 34af78e..8daf02f 100644 --- a/data/cisagov_J.yml +++ b/data/cisagov_J.yml @@ -376,7 +376,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.82 + - '8.0.82' cve-2021-45046: investigated: false affected_versions: [] @@ -422,8 +422,38 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Java Melody + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '1.90.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/javamelody/javamelody/wiki/ReleaseNotes + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jedox - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -452,7 +482,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jenkins - product: CI/CD Core + product: CI cves: cve-2021-4104: investigated: false @@ -460,10 +490,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jenkins + product: CI/CD Core + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -474,7 +535,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ notes: '' references: - '' @@ -504,9 +566,9 @@ software: unaffected_versions: [] vendor_links: - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ - notes: '[Instructions to test your installations in announcement](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/)' + notes: '' references: - - '' + - '[Instructions to test your installations in announcement](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/)' last_updated: '2021-12-16T00:00:00' - vendor: JetBrains product: All .NET tools (ReSharper, Rider, ReSharper C++, dotTrace, dotMemory, @@ -522,7 +584,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -551,7 +613,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -582,7 +644,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -611,7 +673,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '30211' + - '30241' unaffected_versions: [] cve-2021-45046: investigated: false @@ -642,7 +704,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -671,7 +733,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 2021.1.14080 + - '2021.1.14080' unaffected_versions: [] cve-2021-45046: investigated: false @@ -704,7 +766,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -734,7 +796,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -764,7 +826,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -794,7 +856,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -824,7 +886,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -854,7 +916,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -884,7 +946,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -913,7 +975,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 2020.1.1952 + - '2020.1.1952' unaffected_versions: [] cve-2021-45046: investigated: false @@ -943,7 +1005,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -973,7 +1035,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 2021.4.35970 + - '2021.4.35970' unaffected_versions: [] cve-2021-45046: investigated: false @@ -992,7 +1054,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: JFROG - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1000,10 +1062,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From 72b040cf9ca6fdb546d84d9485d491a700dc811b Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 4 Feb 2022 14:17:46 -0500 Subject: [PATCH 161/268] Fix whitespace --- data/cisagov_J.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/cisagov_J.yml b/data/cisagov_J.yml index 8daf02f..107606d 100644 --- a/data/cisagov_J.yml +++ b/data/cisagov_J.yml @@ -662,7 +662,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains - product: Floating license server + product: Floating License Server cves: cve-2021-4104: investigated: false @@ -1065,7 +1065,7 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: + unaffected_versions: - '' cve-2021-45046: investigated: false From d57574206e64bb61edd3a02aa6c90521a9b9d3ed Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 4 Feb 2022 14:57:43 -0500 Subject: [PATCH 162/268] Add Johnson Controls --- data/cisagov_J.yml | 878 ++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 831 insertions(+), 47 deletions(-) diff --git a/data/cisagov_J.yml b/data/cisagov_J.yml index 107606d..79ba481 100644 --- a/data/cisagov_J.yml +++ b/data/cisagov_J.yml @@ -1053,7 +1053,7 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JFROG + - vendor: JFrog product: All cves: cve-2021-4104: @@ -1083,8 +1083,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jitsi - product: '' + - vendor: JGraph + product: DrawIO cves: cve-2021-4104: investigated: false @@ -1092,10 +1092,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/jgraph/drawio/issues/2490 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jitsi + product: jitsi-videobridge + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'v2.1-595-g3637fda42' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1113,7 +1144,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jitterbit - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1141,6 +1172,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Johnson Controls + product: Athena + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls product: BCPro cves: @@ -1154,7 +1215,130 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: C•CURE Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: C•CURE Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: C•CURE Web + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: C•CURE-9000 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '2.90.x' + - '2.80.x' + - '2.70.x' + - '2.60.x' cve-2021-45046: investigated: false affected_versions: [] @@ -1184,7 +1368,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -1214,7 +1398,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -1232,7 +1416,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: CloudVue Gateway + product: CK721-A (P2000) cves: cve-2021-4104: investigated: false @@ -1244,7 +1428,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -1262,7 +1446,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: CloudVue Web + product: CloudVue Gateway cves: cve-2021-4104: investigated: false @@ -1274,7 +1458,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -1292,7 +1476,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: C•CURE‐9000 + product: CloudVue Web cves: cve-2021-4104: investigated: false @@ -1304,7 +1488,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.90.x (all 2.90 versions) + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -1322,7 +1506,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: C•CURE‐9000 + product: Connect24 cves: cve-2021-4104: investigated: false @@ -1334,7 +1518,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.80.x (all 2.80 versions) + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -1352,7 +1536,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: C•CURE‐9000 + product: Connected Equipment Gateway (CEG) cves: cve-2021-4104: investigated: false @@ -1364,7 +1548,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.70 (All versions) + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -1382,7 +1566,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: C•CURE‐9000 + product: DataSource cves: cve-2021-4104: investigated: false @@ -1394,7 +1578,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.60 (All versions) + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -1454,7 +1638,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -1484,7 +1668,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -1514,7 +1698,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -1544,7 +1728,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -1574,7 +1758,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 14.x + - '14.x' cve-2021-45046: investigated: false affected_versions: [] @@ -1604,7 +1788,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -1634,7 +1818,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -1664,7 +1848,37 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Kantech Entrapass + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -1712,7 +1926,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: PowerSeries NEO + product: OpenBlue Active Responder cves: cve-2021-4104: investigated: false @@ -1724,7 +1938,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -1742,7 +1956,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: PowerSeries Pro + product: OpenBlue Bridge cves: cve-2021-4104: investigated: false @@ -1754,7 +1968,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -1772,7 +1986,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Qolsys IQ Panels + product: OpenBlue Chiller Utility Plant Optimizer cves: cve-2021-4104: investigated: false @@ -1784,7 +1998,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -1802,7 +2016,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Sur‐Gard Receivers + product: OpenBlue Cloud cves: cve-2021-4104: investigated: false @@ -1814,7 +2028,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -1832,7 +2046,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Tyco AI + product: OpenBlue Connected Chiller cves: cve-2021-4104: investigated: false @@ -1844,7 +2058,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -1862,7 +2076,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: victor + product: OpenBlue Enterprise Manager cves: cve-2021-4104: investigated: false @@ -1874,7 +2088,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 5.x + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -1892,7 +2106,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: victor/ C•CURE‐9000 Unified + product: OpenBlue Location Manager cves: cve-2021-4104: investigated: false @@ -1904,7 +2118,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.81.x / victor 5.4.1 / C•CURE‐9000 2.80 + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -1922,7 +2136,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: victor/ C•CURE‐9000 Unified + product: OpenBlue Risk Insight cves: cve-2021-4104: investigated: false @@ -1934,7 +2148,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.91.x / victor 5.6.1 / C•CURE‐9000 2.90 + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -1952,7 +2166,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: VideoEdge + product: OpenBlue Twin cves: cve-2021-4104: investigated: false @@ -1964,7 +2178,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 5.x + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -1981,8 +2195,578 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Journyx - product: '' + - vendor: Johnson Controls + product: OpenBlue Workplace + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: P2000 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: PowerSeries NEO + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: PowerSeries Pro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Qolsys IQ Panels + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: RFID Overhead360 Backend + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'All' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: S321-IP (P2000) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Analytics (STaN) - Traffic + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Market Intelligence + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Perimeter Apps + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Shopper Journey + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Video Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Sur‐Gard Receivers + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: TrueVue Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Tyco AI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All versions + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: victor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '5.x' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: victor/ C•CURE‐9000 Unified + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '3.81.x / victor 5.4.1 / C•CURE‐9000 2.80 and 3.91.x / victor 5.6.1 / C•CURE‐9000 2.90' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: VideoEdge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '5.x' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Xaap + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Journyx + product: All cves: cve-2021-4104: investigated: false From b119a9180e77cef2375730f9aa5c9c63083ce3d3 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 4 Feb 2022 15:49:25 -0500 Subject: [PATCH 163/268] Add Juniper Networks Products --- data/cisagov_J.yml | 1207 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 1202 insertions(+), 5 deletions(-) diff --git a/data/cisagov_J.yml b/data/cisagov_J.yml index 79ba481..e939941 100644 --- a/data/cisagov_J.yml +++ b/data/cisagov_J.yml @@ -2807,7 +2807,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2825,7 +2825,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jump Desktop - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -2854,7 +2854,37 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Juniper Networks - product: '' + product: Advanced Threat Prevention (JATP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: AppFormix cves: cve-2021-4104: investigated: false @@ -2862,10 +2892,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Apstra System + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2882,8 +2943,1144 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Justice Systems - product: '' + - vendor: Juniper Networks + product: Apstra System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Connectivity Services Director + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Contrail Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Contrail Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Contrail Networking + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Contrail Service Orchestration + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Cross Provisioning Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: CTPOS and CTPView + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: ICEAAA Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: JATP Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Juniper Identity Management Services (JIMS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Juniper Mist Edge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Juniper Sky Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Junos OS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Junos OS Evolved + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Junos Space Network Management Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Mist Access Points + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'Any version on AP12, AP21, AP32, AP33, AP34, AP41, AP43, AP45, AP61, AP63' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: MIST: Juniper Networks Marvis Virtual Network Assistant (VNA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: MIST: Juniper Networks Mist AI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: MIST: Juniper Networks Wi-Fi Assurance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: MIST: Juniper Networks Wired Assurance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Network Director + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Northstar Controller + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Northstar Planner + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Paragon Insights + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '>= 21 version 21.1 ; >= 22 version 22.2' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Paragon Pathfinder + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '>= 21 version 21.1 ; >= 22 version 22.2' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Paragon Planner + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '>= 21 version 21.1 ; >= 22 version 22.2' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Policy Enforcer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Products using Wind River Linux in Junos OS and Junos OS Evolved + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: ScreenOS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: SecIntel + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Secure Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Security Director + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Security Director Insights + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Session Smart Router (Formerly 128T) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Space SDK + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Standalone Log Collector 20.1 (as also used by Space Security Director) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: User Engagement Virtual BLE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Justice Systems + product: All cves: cve-2021-4104: investigated: false From b22926a748978b277e39a74bb287d33c5215b0a3 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 4 Feb 2022 15:54:09 -0500 Subject: [PATCH 164/268] Remove extra colons --- data/cisagov_J.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/data/cisagov_J.yml b/data/cisagov_J.yml index e939941..cbee29f 100644 --- a/data/cisagov_J.yml +++ b/data/cisagov_J.yml @@ -3452,7 +3452,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Juniper Networks - product: MIST: Juniper Networks Marvis Virtual Network Assistant (VNA) + product: MIST - Juniper Networks Marvis Virtual Network Assistant (VNA) cves: cve-2021-4104: investigated: false @@ -3482,7 +3482,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Juniper Networks - product: MIST: Juniper Networks Mist AI + product: MIST - Juniper Networks Mist AI cves: cve-2021-4104: investigated: false @@ -3512,7 +3512,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Juniper Networks - product: MIST: Juniper Networks Wi-Fi Assurance + product: MIST - Juniper Networks Wi-Fi Assurance cves: cve-2021-4104: investigated: false @@ -3542,7 +3542,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Juniper Networks - product: MIST: Juniper Networks Wired Assurance + product: MIST - Juniper Networks Wired Assurance cves: cve-2021-4104: investigated: false From 77f73e03ce7af142fa816567335e6d5fbc6bbea5 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Fri, 4 Feb 2022 21:00:55 +0000 Subject: [PATCH 165/268] Update the software list --- SOFTWARE-LIST.md | 120 +- data/cisagov.yml | 2831 ++++++++++++++++++++++++++++++++++++++++---- data/cisagov_J.yml | 159 +-- 3 files changed, 2767 insertions(+), 343 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 5ba3031..56ad28e 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -1973,17 +1973,29 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Ivanti | Virtual Desktop Extender | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | | Ivanti | Wavelink License Server | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | | Ivanti | Xtraction | | | Not Affected | [link](https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-18 | -| Jamasoftware | | | | Unknown | [link](https://community.jamasoftware.com/communities/community-home/digestviewer/viewthread?MessageKey=06d26f9c-2abe-4c10-93d4-c0f6c8a01b22&CommunityKey=c9d20d4c-5bb6-4f19-92eb-e7cee0942d51&tab=digestviewer#bm06d26f9c-2abe-4c10-93d4-c0f6c8a01b22) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Jamf | Jamf Pro | 10.31.0 – 10.34.0 | | Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamasoftware | All | | | Unknown | [link](https://community.jamasoftware.com/communities/community-home/digestviewer/viewthread?MessageKey=06d26f9c-2abe-4c10-93d4-c0f6c8a01b22&CommunityKey=c9d20d4c-5bb6-4f19-92eb-e7cee0942d51&tab=digestviewer#bm06d26f9c-2abe-4c10-93d4-c0f6c8a01b22) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Cloud | | | Fixed | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Connect | | | Not Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Data Policy | | | Not Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Health Care Listener | | | Not Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Infrastructure Manager | | | Not Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Now | | | Not Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Private Access | | | Not Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Pro (On-Prem) | | 10.34.1 | Fixed | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Protect | | | Not Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf School | | | Not Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jamf | Jamf Threat Defense | | | Not Affected | [link](https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Janitza | GridVis | | | Not Affected | [link](https://www.janitza.com/us/gridvis-download.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-05 | -| Jaspersoft | | | | Unknown | [link](https://community.jaspersoft.com/wiki/apache-log4j-vulnerability-update-jaspersoft-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Jedox | | | | Unknown | [link](https://www.jedox.com/en/trust/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Jenkins | CI/CD Core | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Jenkins | Plugins | | | Unknown | [link](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/) | [Instructions to test your installations in announcement](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Jaspersoft | All | | | Unknown | [link](https://community.jaspersoft.com/wiki/apache-log4j-vulnerability-update-jaspersoft-products) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Java Melody | All | | 1.90.0 | Fixed | [link](https://github.com/javamelody/javamelody/wiki/ReleaseNotes) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jedox | All | | | Unknown | [link](https://www.jedox.com/en/trust/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jenkins | CI | | | Not Affected | [link](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jenkins | CI/CD Core | | | Not Affected | [link](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jenkins | Plugins | | | Unknown | [link](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/) | | [Instructions to test your installations in announcement](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | JetBrains | All .NET tools (ReSharper, Rider, ReSharper C++, dotTrace, dotMemory, dotCover, dotPeek) | | | Not Affected | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Jetbrains | Code With Me | | Unknown | Fixed | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jetbrains | Code With Me | | | Fixed | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | JetBrains | Datalore | | | Not Affected | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| JetBrains | Floating license server | | 30211 | Fixed | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| JetBrains | Floating License Server | | 30241 | Fixed | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | JetBrains | Gateway | | | Not Affected | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | JetBrains | Hub | | 2021.1.14080 | Fixed | [link](https://blog.jetbrains.com/hub/2021/12/14/hub-update-regarding-log4j2-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | JetBrains | IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand, IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu, Rider, RubyMine, WebStorm) | | | Not Affected | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -1994,20 +2006,26 @@ NOTE: This file is automatically generated. To submit updates, please refer to | JetBrains | TeamCity | | | Not Affected | [link](https://youtrack.jetbrains.com/issue/TW-74298) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | JetBrains | ToolBox | | | Not Affected | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | JetBrains | UpSource | | 2020.1.1952 | Fixed | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| JetBrains | YouTrack InCloud | | Unknown | Fixed | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| JetBrains | YouTrack InCloud | | | Fixed | [link](https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | JetBrains | YouTrack Standalone | | 2021.4.35970 | Fixed | [link](https://blog.jetbrains.com/youtrack/2021/12/youtrack-update-regarding-log4j2-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| JFROG | | | | Unknown | [link](https://jfrog.com/knowledge-base/general-jfrog-services-are-not-affected-by-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Jitsi | | | | Unknown | [link](https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Jitterbit | | | | Unknown | [link](https://success.jitterbit.com/display/DOC/Mitigating+the+Apache+Log4j2+JNDI+Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| JFrog | All | | | Not Affected | [link](https://jfrog.com/knowledge-base/general-jfrog-services-are-not-affected-by-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| JGraph | DrawIO | | | Not Affected | [link](https://github.com/jgraph/drawio/issues/2490) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jitsi | jitsi-videobridge | | v2.1-595-g3637fda42 | Fixed | [link](https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jitterbit | All | | | Unknown | [link](https://success.jitterbit.com/display/DOC/Mitigating+the+Apache+Log4j2+JNDI+Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Johnson Controls | Athena | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | BCPro | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | CEM AC2000 | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | CEM Hardware Products | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | CK721-A (P2000) | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | CloudVue Gateway | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | CloudVue Web | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Johnson Controls | C•CURE‐9000 | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Johnson Controls | C•CURE‐9000 | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Johnson Controls | C•CURE‐9000 | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Johnson Controls | C•CURE‐9000 | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | Connect24 | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | Connected Equipment Gateway (CEG) | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | C•CURE Client | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | C•CURE Server | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | C•CURE Web | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | C•CURE-9000 | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | DataSource | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | DLS | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | Entrapass | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | exacqVision Client | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | @@ -2017,21 +2035,81 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Johnson Controls | Illustra Cameras | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | Illustra Insight | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | iSTAR | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | Kantech Entrapass | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | Metasys Products and Tools | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Active Responder | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Bridge | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Chiller Utility Plant Optimizer | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Cloud | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Connected Chiller | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Enterprise Manager | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Location Manager | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Risk Insight | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Twin | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | OpenBlue Workplace | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | P2000 | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | PowerSeries NEO | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | PowerSeries Pro | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | Qolsys IQ Panels | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | RFID Overhead360 Backend | | All | Fixed | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | S321-IP (P2000) | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | Shoppertrak Analytics (STaN) - Traffic | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | Shoppertrak Market Intelligence | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | Shoppertrak Perimeter Apps | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | Shoppertrak Shopper Journey | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | Shoppertrak Video Analytics | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | Sur‐Gard Receivers | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Johnson Controls | TrueVue Cloud | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | Tyco AI | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | victor | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | victor/ C•CURE‐9000 Unified | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Johnson Controls | victor/ C•CURE‐9000 Unified | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Johnson Controls | VideoEdge | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Journyx | | | | Unknown | [link](https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Johnson Controls | Xaap | | | Not Affected | [link](https://www.johnsoncontrols.com/cyber-solutions/security-advisories) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Journyx | All | | | Unknown | [link](https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | jPOS | (ISO-8583) bridge | | | Not Affected | [link](https://github.com/jpos/jPOS/commit/d615199a1bdd35c35d63c07c10fd0bdbbc96f625) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Jump Desktop | | | | Unknown | [link](https://support.jumpdesktop.com/hc/en-us/articles/4416720395021-Log4j-CVE-2021-44228-CVE-2021-45046-Statement) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Juniper Networks | | | | Unknown | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Justice Systems | | | | Unknown | [link](https://www.justicesystems.com/services/support/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Jump Desktop | All | | | Unknown | [link](https://support.jumpdesktop.com/hc/en-us/articles/4416720395021-Log4j-CVE-2021-44228-CVE-2021-45046-Statement) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Advanced Threat Prevention (JATP) | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | AppFormix | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Apstra System | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Apstra System | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Connectivity Services Director | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Contrail Analytics | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Contrail Cloud | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Contrail Networking | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Contrail Service Orchestration | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Cross Provisioning Platform | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | CTPOS and CTPView | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | ICEAAA Manager | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | JATP Cloud | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Juniper Identity Management Services (JIMS) | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Juniper Mist Edge | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Juniper Sky Enterprise | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Junos OS | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Junos OS Evolved | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Junos Space Network Management Platform | | | Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | MIST - Juniper Networks Marvis Virtual Network Assistant (VNA) | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | MIST - Juniper Networks Mist AI | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | MIST - Juniper Networks Wi-Fi Assurance | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | MIST - Juniper Networks Wired Assurance | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Mist Access Points | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Network Director | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Northstar Controller | | | Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Northstar Planner | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Paragon Insights | >= 21 version 21.1 ; >= 22 version 22.2 | | Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Paragon Pathfinder | >= 21 version 21.1 ; >= 22 version 22.2 | | Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Paragon Planner | >= 21 version 21.1 ; >= 22 version 22.2 | | Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Policy Enforcer | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Products using Wind River Linux in Junos OS and Junos OS Evolved | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | ScreenOS | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | SecIntel | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Secure Analytics | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Security Director | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Security Director Insights | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Session Smart Router (Formerly 128T) | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Space SDK | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | Standalone Log Collector 20.1 (as also used by Space Security Director) | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Juniper Networks | User Engagement Virtual BLE | | | Not Affected | [link](https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Justice Systems | All | | | Unknown | [link](https://www.justicesystems.com/services/support/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | K15t | All | | | Unknown | [link](https://help.k15t.com/k15t-apps-and-log4shell-193401141.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | K6 | All | | | Unknown | [link](https://k6.io/blog/k6-products-not-impacted-by-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Kaltura | Blackboard Learn SaaS in the classic Learn experience | | v3900.28.x | Fixed | [link](https://knowledge.kaltura.com/help/blackboard-learn-release-notes#blackboard-learn-december-2021-release-notes-v5412) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | diff --git a/data/cisagov.yml b/data/cisagov.yml index e3488a3..6ea4b0f 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -58140,7 +58140,7 @@ software: - '' last_updated: '2022-01-18T00:00:00' - vendor: Jamasoftware - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -58169,7 +58169,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Jamf - product: Jamf Pro + product: Jamf Cloud cves: cve-2021-4104: investigated: false @@ -58178,9 +58178,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 10.31.0 – 10.34.0 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -58198,8 +58198,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Janitza - product: GridVis + - vendor: Jamf + product: Jamf Connect cves: cve-2021-4104: investigated: false @@ -58211,7 +58211,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.82 + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58223,13 +58223,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.janitza.com/us/gridvis-download.html + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' - last_updated: '2022-01-05T00:00:00' - - vendor: Jaspersoft - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Data Policy cves: cve-2021-4104: investigated: false @@ -58237,10 +58237,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58252,13 +58253,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.jaspersoft.com/wiki/apache-log4j-vulnerability-update-jaspersoft-products + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jedox - product: '' + - vendor: Jamf + product: Jamf Health Care Listener cves: cve-2021-4104: investigated: false @@ -58266,10 +58267,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58281,13 +58283,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.jedox.com/en/trust/ + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jenkins - product: CI/CD Core + - vendor: Jamf + product: Jamf Infrastructure Manager cves: cve-2021-4104: investigated: false @@ -58295,10 +58297,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58309,13 +58312,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jenkins - product: Plugins + - vendor: Jamf + product: Jamf Now cves: cve-2021-4104: investigated: false @@ -58323,10 +58327,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58338,14 +58343,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ - notes: '[Instructions to test your installations in announcement](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/)' + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html + notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: JetBrains - product: All .NET tools (ReSharper, Rider, ReSharper C++, dotTrace, dotMemory, - dotCover, dotPeek) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jamf + product: Jamf Private Access cves: cve-2021-4104: investigated: false @@ -58357,7 +58361,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58369,13 +58373,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jetbrains - product: Code With Me + - vendor: Jamf + product: Jamf Pro (On-Prem) cves: cve-2021-4104: investigated: false @@ -58386,7 +58390,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - 10.34.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -58399,13 +58403,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Datalore + - vendor: Jamf + product: Jamf Protect cves: cve-2021-4104: investigated: false @@ -58417,7 +58421,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58429,13 +58433,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Floating license server + - vendor: Jamf + product: Jamf School cves: cve-2021-4104: investigated: false @@ -58445,9 +58449,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '30211' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58459,13 +58463,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Gateway + - vendor: Jamf + product: Jamf Threat Defense cves: cve-2021-4104: investigated: false @@ -58477,7 +58481,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58489,13 +58493,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://docs.jamf.com/technical-articles/Mitigating_the_Apache_Log4j_2_Vulnerability.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Hub + - vendor: Janitza + product: GridVis cves: cve-2021-4104: investigated: false @@ -58505,9 +58509,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 2021.1.14080 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - 8.0.82 cve-2021-45046: investigated: false affected_versions: [] @@ -58519,15 +58523,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/hub/2021/12/14/hub-update-regarding-log4j2-vulnerability/ + - https://www.janitza.com/us/gridvis-download.html notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand, - IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu, - Rider, RubyMine, WebStorm) + last_updated: '2022-01-05T00:00:00' + - vendor: Jaspersoft + product: All cves: cve-2021-4104: investigated: false @@ -58535,11 +58537,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -58551,13 +58552,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://community.jaspersoft.com/wiki/apache-log4j-vulnerability-update-jaspersoft-products notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Kotlin + - vendor: Java Melody + product: All cves: cve-2021-4104: investigated: false @@ -58567,9 +58568,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - Unknown + fixed_versions: + - 1.90.0 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -58581,13 +58582,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://github.com/javamelody/javamelody/wiki/ReleaseNotes notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Ktor + - vendor: Jedox + product: All cves: cve-2021-4104: investigated: false @@ -58595,11 +58596,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -58611,13 +58611,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://www.jedox.com/en/trust/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: MPS + - vendor: Jenkins + product: CI cves: cve-2021-4104: investigated: false @@ -58629,7 +58629,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58641,13 +58641,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: Space + - vendor: Jenkins + product: CI/CD Core cves: cve-2021-4104: investigated: false @@ -58659,7 +58659,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58671,13 +58671,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: TeamCity + - vendor: Jenkins + product: Plugins cves: cve-2021-4104: investigated: false @@ -58685,11 +58685,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -58701,13 +58700,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://youtrack.jetbrains.com/issue/TW-74298 + - https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/ notes: '' references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' + - '[Instructions to test your installations in announcement](https://www.jenkins.io/blog/2021/12/10/log4j2-rce-CVE-2021-44228/)' + last_updated: '2021-12-16T00:00:00' - vendor: JetBrains - product: ToolBox + product: All .NET tools (ReSharper, Rider, ReSharper C++, dotTrace, dotMemory, + dotCover, dotPeek) cves: cve-2021-4104: investigated: false @@ -58719,7 +58719,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58736,8 +58736,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JetBrains - product: UpSource + - vendor: Jetbrains + product: Code With Me cves: cve-2021-4104: investigated: false @@ -58748,7 +58748,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 2020.1.1952 + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -58767,7 +58767,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains - product: YouTrack InCloud + product: Datalore cves: cve-2021-4104: investigated: false @@ -58777,9 +58777,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58797,7 +58797,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: JetBrains - product: YouTrack Standalone + product: Floating License Server cves: cve-2021-4104: investigated: false @@ -58808,7 +58808,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 2021.4.35970 + - '30241' unaffected_versions: [] cve-2021-45046: investigated: false @@ -58821,13 +58821,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.jetbrains.com/youtrack/2021/12/youtrack-update-regarding-log4j2-vulnerability/ + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: JFROG - product: '' + - vendor: JetBrains + product: Gateway cves: cve-2021-4104: investigated: false @@ -58835,10 +58835,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58850,13 +58851,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://jfrog.com/knowledge-base/general-jfrog-services-are-not-affected-by-vulnerability-cve-2021-44228/ + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jitsi - product: '' + - vendor: JetBrains + product: Hub cves: cve-2021-4104: investigated: false @@ -58864,9 +58865,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 2021.1.14080 unaffected_versions: [] cve-2021-45046: investigated: false @@ -58879,13 +58881,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md + - https://blog.jetbrains.com/hub/2021/12/14/hub-update-regarding-log4j2-vulnerability/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jitterbit - product: '' + - vendor: JetBrains + product: IntelliJ platform based IDEs (AppCode, CLion, DataGrip, DataSpell, GoLand, + IntelliJ IDEA Ultimate/Community/Edu, PhpStorm, PyCharm Professional/Community/Edu, + Rider, RubyMine, WebStorm) cves: cve-2021-4104: investigated: false @@ -58893,10 +58897,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58908,13 +58913,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://success.jitterbit.com/display/DOC/Mitigating+the+Apache+Log4j2+JNDI+Vulnerability + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Johnson Controls - product: BCPro + - vendor: JetBrains + product: Kotlin cves: cve-2021-4104: investigated: false @@ -58926,7 +58931,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58938,13 +58943,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CEM AC2000 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Ktor cves: cve-2021-4104: investigated: false @@ -58956,7 +58961,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58968,13 +58973,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CEM Hardware Products + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: MPS cves: cve-2021-4104: investigated: false @@ -58986,7 +58991,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -58998,13 +59003,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CloudVue Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: Space cves: cve-2021-4104: investigated: false @@ -59016,7 +59021,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -59028,13 +59033,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: CloudVue Web + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: TeamCity cves: cve-2021-4104: investigated: false @@ -59046,7 +59051,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -59058,13 +59063,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://youtrack.jetbrains.com/issue/TW-74298 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: C•CURE‐9000 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: ToolBox cves: cve-2021-4104: investigated: false @@ -59076,7 +59081,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.90.x (all 2.90 versions) + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -59088,13 +59093,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: C•CURE‐9000 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: UpSource cves: cve-2021-4104: investigated: false @@ -59104,9 +59109,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 2.80.x (all 2.80 versions) + fixed_versions: + - 2020.1.1952 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -59118,13 +59123,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: C•CURE‐9000 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: YouTrack InCloud cves: cve-2021-4104: investigated: false @@ -59134,9 +59139,39 @@ software: cve-2021-44228: investigated: true affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] fixed_versions: [] - unaffected_versions: - - 2.70 (All versions) + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.jetbrains.com/blog/2021/12/13/log4j-vulnerability-and-jetbrains-products-and-services/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JetBrains + product: YouTrack Standalone + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2021.4.35970 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -59148,13 +59183,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://blog.jetbrains.com/youtrack/2021/12/youtrack-update-regarding-log4j2-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: C•CURE‐9000 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JFrog + product: All cves: cve-2021-4104: investigated: false @@ -59166,7 +59201,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 2.60 (All versions) + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -59178,13 +59213,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://jfrog.com/knowledge-base/general-jfrog-services-are-not-affected-by-vulnerability-cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: DLS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: JGraph + product: DrawIO cves: cve-2021-4104: investigated: false @@ -59196,7 +59231,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: investigated: false affected_versions: [] @@ -59208,13 +59243,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://github.com/jgraph/drawio/issues/2490 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Johnson Controls - product: Entrapass + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jitsi + product: jitsi-videobridge cves: cve-2021-4104: investigated: false @@ -59224,9 +59259,38 @@ software: cve-2021-44228: investigated: true affected_versions: [] + fixed_versions: + - v2.1-595-g3637fda42 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] fixed_versions: [] - unaffected_versions: - - All versions + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/jitsi/security-advisories/blob/4e1ab58585a8a0593efccce77d5d0e22c5338605/advisories/JSA-2021-0004.md + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jitterbit + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -59238,13 +59302,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + - https://success.jitterbit.com/display/DOC/Mitigating+the+Apache+Log4j2+JNDI+Vulnerability notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Johnson Controls - product: exacqVision Client + product: Athena cves: cve-2021-4104: investigated: false @@ -59256,7 +59320,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: investigated: false affected_versions: [] @@ -59274,7 +59338,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: exacqVision Server + product: BCPro cves: cve-2021-4104: investigated: false @@ -59286,7 +59350,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: investigated: false affected_versions: [] @@ -59304,7 +59368,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: exacqVision WebService + product: CEM AC2000 cves: cve-2021-4104: investigated: false @@ -59316,7 +59380,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: investigated: false affected_versions: [] @@ -59334,7 +59398,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Facility Explorer + product: CEM Hardware Products cves: cve-2021-4104: investigated: false @@ -59346,7 +59410,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 14.x + - All cve-2021-45046: investigated: false affected_versions: [] @@ -59364,7 +59428,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Illustra Cameras + product: CK721-A (P2000) cves: cve-2021-4104: investigated: false @@ -59376,7 +59440,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: investigated: false affected_versions: [] @@ -59394,7 +59458,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Illustra Insight + product: CloudVue Gateway cves: cve-2021-4104: investigated: false @@ -59406,7 +59470,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: investigated: false affected_versions: [] @@ -59424,7 +59488,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: iSTAR + product: CloudVue Web cves: cve-2021-4104: investigated: false @@ -59436,7 +59500,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: investigated: false affected_versions: [] @@ -59454,7 +59518,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Metasys Products and Tools + product: Connect24 cves: cve-2021-4104: investigated: false @@ -59466,7 +59530,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: investigated: false affected_versions: [] @@ -59484,7 +59548,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: PowerSeries NEO + product: Connected Equipment Gateway (CEG) cves: cve-2021-4104: investigated: false @@ -59496,7 +59560,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: investigated: false affected_versions: [] @@ -59514,7 +59578,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: PowerSeries Pro + product: C•CURE Client cves: cve-2021-4104: investigated: false @@ -59526,7 +59590,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: investigated: false affected_versions: [] @@ -59544,7 +59608,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Qolsys IQ Panels + product: C•CURE Server cves: cve-2021-4104: investigated: false @@ -59556,7 +59620,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: investigated: false affected_versions: [] @@ -59574,7 +59638,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Sur‐Gard Receivers + product: C•CURE Web cves: cve-2021-4104: investigated: false @@ -59586,7 +59650,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - All cve-2021-45046: investigated: false affected_versions: [] @@ -59604,7 +59668,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Tyco AI + product: C•CURE-9000 cves: cve-2021-4104: investigated: false @@ -59616,7 +59680,10 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All versions + - 2.90.x + - 2.80.x + - 2.70.x + - 2.60.x cve-2021-45046: investigated: false affected_versions: [] @@ -59634,7 +59701,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: victor + product: DataSource cves: cve-2021-4104: investigated: false @@ -59646,7 +59713,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 5.x + - All cve-2021-45046: investigated: false affected_versions: [] @@ -59664,7 +59731,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: victor/ C•CURE‐9000 Unified + product: DLS cves: cve-2021-4104: investigated: false @@ -59676,7 +59743,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.81.x / victor 5.4.1 / C•CURE‐9000 2.80 + - All versions cve-2021-45046: investigated: false affected_versions: [] @@ -59694,7 +59761,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: victor/ C•CURE‐9000 Unified + product: Entrapass cves: cve-2021-4104: investigated: false @@ -59706,7 +59773,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.91.x / victor 5.6.1 / C•CURE‐9000 2.90 + - All cve-2021-45046: investigated: false affected_versions: [] @@ -59724,7 +59791,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: VideoEdge + product: exacqVision Client cves: cve-2021-4104: investigated: false @@ -59736,7 +59803,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 5.x + - All cve-2021-45046: investigated: false affected_versions: [] @@ -59753,8 +59820,8 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Journyx - product: '' + - vendor: Johnson Controls + product: exacqVision Server cves: cve-2021-4104: investigated: false @@ -59762,10 +59829,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -59777,13 +59845,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228- + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: jPOS - product: (ISO-8583) bridge + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: exacqVision WebService cves: cve-2021-4104: investigated: false @@ -59795,7 +59863,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - All cve-2021-45046: investigated: false affected_versions: [] @@ -59807,13 +59875,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/jpos/jPOS/commit/d615199a1bdd35c35d63c07c10fd0bdbbc96f625 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Jump Desktop - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Facility Explorer cves: cve-2021-4104: investigated: false @@ -59821,10 +59889,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 14.x cve-2021-45046: investigated: false affected_versions: [] @@ -59836,13 +59905,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.jumpdesktop.com/hc/en-us/articles/4416720395021-Log4j-CVE-2021-44228-CVE-2021-45046-Statement + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Juniper Networks - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Illustra Cameras cves: cve-2021-4104: investigated: false @@ -59850,10 +59919,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -59865,13 +59935,2288 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Justice Systems - product: '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Illustra Insight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: iSTAR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Kantech Entrapass + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Metasys Products and Tools + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All versions + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Active Responder + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Bridge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Chiller Utility Plant Optimizer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Connected Chiller + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Enterprise Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Location Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Risk Insight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Twin + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: OpenBlue Workplace + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: P2000 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: PowerSeries NEO + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: PowerSeries Pro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Qolsys IQ Panels + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: RFID Overhead360 Backend + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: S321-IP (P2000) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Analytics (STaN) - Traffic + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Market Intelligence + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Perimeter Apps + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Shopper Journey + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Shoppertrak Video Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Sur‐Gard Receivers + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: TrueVue Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Tyco AI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All versions + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: victor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 5.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: victor/ C•CURE‐9000 Unified + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 3.81.x / victor 5.4.1 / C•CURE‐9000 2.80 and 3.91.x / victor 5.6.1 / C•CURE‐9000 + 2.90 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: VideoEdge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 5.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Johnson Controls + product: Xaap + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.johnsoncontrols.com/cyber-solutions/security-advisories + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Journyx + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.journyx.com/support/solutions/articles/9000209044-apache-log4j-2-vulnerability-cve-2021-44228- + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: jPOS + product: (ISO-8583) bridge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/jpos/jPOS/commit/d615199a1bdd35c35d63c07c10fd0bdbbc96f625 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Jump Desktop + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.jumpdesktop.com/hc/en-us/articles/4416720395021-Log4j-CVE-2021-44228-CVE-2021-45046-Statement + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Advanced Threat Prevention (JATP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: AppFormix + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Apstra System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Apstra System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Connectivity Services Director + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Contrail Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Contrail Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Contrail Networking + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Contrail Service Orchestration + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Cross Provisioning Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: CTPOS and CTPView + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: ICEAAA Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: JATP Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Juniper Identity Management Services (JIMS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Juniper Mist Edge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Juniper Sky Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Junos OS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Junos OS Evolved + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Junos Space Network Management Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: MIST - Juniper Networks Marvis Virtual Network Assistant (VNA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: MIST - Juniper Networks Mist AI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: MIST - Juniper Networks Wi-Fi Assurance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: MIST - Juniper Networks Wired Assurance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Mist Access Points + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Any version on AP12, AP21, AP32, AP33, AP34, AP41, AP43, AP45, AP61, AP63 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Network Director + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Northstar Controller + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Northstar Planner + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Paragon Insights + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '>= 21 version 21.1 ; >= 22 version 22.2' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Paragon Pathfinder + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '>= 21 version 21.1 ; >= 22 version 22.2' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Paragon Planner + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '>= 21 version 21.1 ; >= 22 version 22.2' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Policy Enforcer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Products using Wind River Linux in Junos OS and Junos OS Evolved + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: ScreenOS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: SecIntel + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Secure Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Security Director + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Security Director Insights + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Session Smart Router (Formerly 128T) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Space SDK + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: Standalone Log Collector 20.1 (as also used by Space Security Director) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Juniper Networks + product: User Engagement Virtual BLE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11259 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Justice Systems + product: All cves: cve-2021-4104: investigated: false diff --git a/data/cisagov_J.yml b/data/cisagov_J.yml index cbee29f..d50fefe 100644 --- a/data/cisagov_J.yml +++ b/data/cisagov_J.yml @@ -255,7 +255,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '10.34.1' + - 10.34.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -376,7 +376,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '8.0.82' + - 8.0.82 cve-2021-45046: investigated: false affected_versions: [] @@ -434,7 +434,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.90.0' + - 1.90.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -733,7 +733,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '2021.1.14080' + - 2021.1.14080 unaffected_versions: [] cve-2021-45046: investigated: false @@ -975,7 +975,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '2020.1.1952' + - 2020.1.1952 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1035,7 +1035,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '2021.4.35970' + - 2021.4.35970 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1096,7 +1096,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1125,7 +1125,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'v2.1-595-g3637fda42' + - v2.1-595-g3637fda42 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1185,7 +1185,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1215,7 +1215,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1233,7 +1233,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: C•CURE Client + product: CEM AC2000 cves: cve-2021-4104: investigated: false @@ -1245,7 +1245,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1263,7 +1263,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: C•CURE Server + product: CEM Hardware Products cves: cve-2021-4104: investigated: false @@ -1275,7 +1275,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1293,7 +1293,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: C•CURE Web + product: CK721-A (P2000) cves: cve-2021-4104: investigated: false @@ -1305,7 +1305,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1323,7 +1323,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: C•CURE-9000 + product: CloudVue Gateway cves: cve-2021-4104: investigated: false @@ -1335,10 +1335,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '2.90.x' - - '2.80.x' - - '2.70.x' - - '2.60.x' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1356,7 +1353,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: CEM AC2000 + product: CloudVue Web cves: cve-2021-4104: investigated: false @@ -1368,7 +1365,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1386,7 +1383,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: CEM Hardware Products + product: Connect24 cves: cve-2021-4104: investigated: false @@ -1398,7 +1395,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1416,7 +1413,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: CK721-A (P2000) + product: Connected Equipment Gateway (CEG) cves: cve-2021-4104: investigated: false @@ -1428,7 +1425,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1446,7 +1443,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: CloudVue Gateway + product: C•CURE Client cves: cve-2021-4104: investigated: false @@ -1458,7 +1455,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1476,7 +1473,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: CloudVue Web + product: C•CURE Server cves: cve-2021-4104: investigated: false @@ -1488,7 +1485,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1506,7 +1503,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Connect24 + product: C•CURE Web cves: cve-2021-4104: investigated: false @@ -1518,7 +1515,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1536,7 +1533,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Johnson Controls - product: Connected Equipment Gateway (CEG) + product: C•CURE-9000 cves: cve-2021-4104: investigated: false @@ -1548,7 +1545,10 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - 2.90.x + - 2.80.x + - 2.70.x + - 2.60.x cve-2021-45046: investigated: false affected_versions: [] @@ -1578,7 +1578,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1638,7 +1638,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1668,7 +1668,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1698,7 +1698,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1728,7 +1728,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1758,7 +1758,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '14.x' + - 14.x cve-2021-45046: investigated: false affected_versions: [] @@ -1788,7 +1788,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1818,7 +1818,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1848,7 +1848,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1878,7 +1878,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1938,7 +1938,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1968,7 +1968,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1998,7 +1998,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2028,7 +2028,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2058,7 +2058,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2088,7 +2088,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2118,7 +2118,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2148,7 +2148,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2178,7 +2178,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2208,7 +2208,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2238,7 +2238,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2268,7 +2268,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2298,7 +2298,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2328,7 +2328,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2357,7 +2357,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -2388,7 +2388,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2418,7 +2418,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2448,7 +2448,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2478,7 +2478,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2508,7 +2508,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2538,7 +2538,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2568,7 +2568,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2598,7 +2598,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2658,7 +2658,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '5.x' + - 5.x cve-2021-45046: investigated: false affected_versions: [] @@ -2688,7 +2688,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '3.81.x / victor 5.4.1 / C•CURE‐9000 2.80 and 3.91.x / victor 5.6.1 / C•CURE‐9000 2.90' + - 3.81.x / victor 5.4.1 / C•CURE‐9000 2.80 and 3.91.x / victor 5.6.1 / C•CURE‐9000 + 2.90 cve-2021-45046: investigated: false affected_versions: [] @@ -2718,7 +2719,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '5.x' + - 5.x cve-2021-45046: investigated: false affected_versions: [] @@ -2748,7 +2749,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -3422,7 +3423,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Juniper Networks - product: Mist Access Points + product: MIST - Juniper Networks Marvis Virtual Network Assistant (VNA) cves: cve-2021-4104: investigated: false @@ -3434,7 +3435,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'Any version on AP12, AP21, AP32, AP33, AP34, AP41, AP43, AP45, AP61, AP63' + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3452,7 +3453,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Juniper Networks - product: MIST - Juniper Networks Marvis Virtual Network Assistant (VNA) + product: MIST - Juniper Networks Mist AI cves: cve-2021-4104: investigated: false @@ -3482,7 +3483,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Juniper Networks - product: MIST - Juniper Networks Mist AI + product: MIST - Juniper Networks Wi-Fi Assurance cves: cve-2021-4104: investigated: false @@ -3512,7 +3513,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Juniper Networks - product: MIST - Juniper Networks Wi-Fi Assurance + product: MIST - Juniper Networks Wired Assurance cves: cve-2021-4104: investigated: false @@ -3542,7 +3543,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Juniper Networks - product: MIST - Juniper Networks Wired Assurance + product: Mist Access Points cves: cve-2021-4104: investigated: false @@ -3554,7 +3555,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - Any version on AP12, AP21, AP32, AP33, AP34, AP41, AP43, AP45, AP61, AP63 cve-2021-45046: investigated: false affected_versions: [] From b4ee4b16db9d1386de9f8c7026a449c2cb76c902 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 4 Feb 2022 16:27:49 -0500 Subject: [PATCH 166/268] Add Xerox through Phaser products --- data/cisagov_X.yml | 1062 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 1057 insertions(+), 5 deletions(-) diff --git a/data/cisagov_X.yml b/data/cisagov_X.yml index b107a72..507504e 100644 --- a/data/cisagov_X.yml +++ b/data/cisagov_X.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: XCP-ng - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -13,10 +13,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -63,7 +64,277 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox - product: '' + product: AltaLink Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: CareAR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 8700 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 8870 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 8880 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 9201 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 9301 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: DocuCentre SC2020 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ElemX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Core cves: cve-2021-4104: investigated: false @@ -71,10 +342,791 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Express to Print + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Makeready + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Output Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Print Manager - APP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Variable Information Suite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Nuvera EA Perfecting Production Systems + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Nuvera EA Production Systems + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: PrimeLink Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3300 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3320 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3330 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3435 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3600 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3610 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3635 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 4510 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 4622 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6000 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6020 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6022 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6280 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6510 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6600 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6700 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 7800 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 8860 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -86,7 +1138,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://securitydocs.business.xerox.com/wp-content/uploads/2021/12/Xerox-Special-Bulletin-XRX21-021-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.6.pdf + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' From 7e780a04ad29ace17aaf6a4f44a6318105dd9aa1 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 4 Feb 2022 16:35:05 -0500 Subject: [PATCH 167/268] Add Xerox products through WorkCentre --- data/cisagov_X.yml | 960 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 960 insertions(+) diff --git a/data/cisagov_X.yml b/data/cisagov_X.yml index 507504e..4cea97a 100644 --- a/data/cisagov_X.yml +++ b/data/cisagov_X.yml @@ -1143,6 +1143,966 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 33xx + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 3615 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 4260 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 4265 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5135 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5150 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5225 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5230 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 53XX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5645 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5655 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5740 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5745 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5755 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5765 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 58XX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5945 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5955 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6025 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6400 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6515 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6605 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6655 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7425 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7435 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7525 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7535 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7556 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7830 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7835 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7855 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7970i + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: XPertDoc product: '' cves: From 4b0649839dc245ba221a41527b37435d13ecb905 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 4 Feb 2022 16:39:40 -0500 Subject: [PATCH 168/268] Add Xerox Versalink --- data/cisagov_X.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/data/cisagov_X.yml b/data/cisagov_X.yml index 4cea97a..158fe29 100644 --- a/data/cisagov_X.yml +++ b/data/cisagov_X.yml @@ -2103,6 +2103,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Versalink Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: XPertDoc product: '' cves: From 8d3bb1d1676c9842ad422c26363655df479f39c6 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 4 Feb 2022 17:22:20 -0500 Subject: [PATCH 169/268] Add Xerox Xerox Products --- data/cisagov_X.yml | 1110 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 1110 insertions(+) diff --git a/data/cisagov_X.yml b/data/cisagov_X.yml index 158fe29..b36c7ed 100644 --- a/data/cisagov_X.yml +++ b/data/cisagov_X.yml @@ -2103,6 +2103,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre ECXX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox product: Versalink Products cves: @@ -2133,6 +2163,1086 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Account Payable Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox App Gallery + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B1022/25 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B225 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B230 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B235 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B310 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Baltoro HF Inkjet Press + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Branded ConnectKey Applications + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox C230 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox C235 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox C310 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Campaigns on Demand + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Color EC70 Printer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox D110 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox D125 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox D95A + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Digital Mailroom Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox ECXX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox ED125 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox ED95A + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox iGen 5 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Instant Print Kiosk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Intelligent Workplace Services (All Including XDM, XDA, CWW) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Iridesse Production Press + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox J75 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Print and Scan Experience + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Team Availability Application + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 180 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 280 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 3100 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 4100 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workflow Central Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workplace Kiosk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workplace Suite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workspace Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: XPertDoc product: '' cves: From c9335d1b92cbbbf37ed538fc49ba4e1bd3f1514c Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 4 Feb 2022 17:25:18 -0500 Subject: [PATCH 170/268] Add Xerox XMPie --- data/cisagov_X.yml | 90 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 90 insertions(+) diff --git a/data/cisagov_X.yml b/data/cisagov_X.yml index b36c7ed..53db848 100644 --- a/data/cisagov_X.yml +++ b/data/cisagov_X.yml @@ -3243,6 +3243,96 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: XMPie Data-Driven Print and VDP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: XMPie Omnichannel Communications + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: XMPie Web to Print + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: XPertDoc product: '' cves: From a830981c62f83034d82c87d700ac5e6f61d58f8f Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Fri, 4 Feb 2022 22:31:27 +0000 Subject: [PATCH 171/268] Update the software list --- SOFTWARE-LIST.md | 112 +- data/cisagov.yml | 3252 +++++++++++++++++++++++++++++++++++++++++++- data/cisagov_X.yml | 98 +- 3 files changed, 3406 insertions(+), 56 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 56ad28e..ce6b25f 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -3256,9 +3256,117 @@ NOTE: This file is automatically generated. To submit updates, please refer to | WSO2 | Stream Integrator | | >= 1.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | | WSO2 | Stream Integrator Tooling | | >= 1.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | | WSO2 | Stream Processor | | >= 4.0.0 | Fixed | [link](https://docs.wso2.com/pages/viewpage.action?pageId=180948677) | A temporary mitigation is available while vendor works on update. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | -| XCP-ng | | | | Unknown | [link](https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| XCP-ng | All | | | Not Affected | [link](https://xcp-ng.org/forum/topic/5315/log4j-vulnerability-impact) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | XenForo | | | | Unknown | [link](https://xenforo.com/community/threads/psa-potential-security-vulnerability-in-elasticsearch-5-via-apache-log4j-log4shell.201145/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Xerox | | | | Unknown | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2021/12/Xerox-Special-Bulletin-XRX21-021-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.6.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | AltaLink Products | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | CareAR | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | ColorQube 8700 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | ColorQube 8870 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | ColorQube 8880 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | ColorQube 9201 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | ColorQube 9301 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | DocuCentre SC2020 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | ElemX | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | FreeFlow Core | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | FreeFlow Express to Print | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | FreeFlow Makeready | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | FreeFlow Output Manager | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | FreeFlow Print Manager - APP | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | FreeFlow Variable Information Suite | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Nuvera EA Perfecting Production Systems | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Nuvera EA Production Systems | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 3300 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 3320 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 3330 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 3435 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 3600 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 3610 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 3635 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 4510 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 4622 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 6000 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 6020 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 6022 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 6280 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 6510 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 6600 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 6700 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 7800 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Phaser 8860 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | PrimeLink Products | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Versalink Products | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 33xx | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 3615 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 4260 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 4265 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5135 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5150 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5225 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5230 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 53XX | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5645 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5655 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5740 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5745 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5755 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5765 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 58XX | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5945 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 5955 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 6025 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 6400 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 6515 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 6605 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 6655 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7425 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7435 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7525 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7535 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7556 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7830 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7835 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7855 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre 7970i | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | WorkCentre ECXX | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Account Payable Services | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox App Gallery | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox B1022/25 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox B225 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox B230 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox B235 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox B310 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Baltoro HF Inkjet Press | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Branded ConnectKey Applications | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox C230 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox C235 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox C310 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Campaigns on Demand | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Color EC70 Printer | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox D110 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox D125 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox D95A | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Digital Mailroom Services | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox ECXX | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox ED125 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox ED95A | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox iGen 5 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Instant Print Kiosk | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Intelligent Workplace Services (All Including XDM, XDA, CWW) | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Iridesse Production Press | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox J75 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Print and Scan Experience | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Team Availability Application | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Versant 180 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Versant 280 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Versant 3100 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Versant 4100 | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Workflow Central Platform | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Workplace Kiosk | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Workplace Suite | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | Xerox Workspace Cloud | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | XMPie Data-Driven Print and VDP | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | XMPie Omnichannel Communications | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xerox | XMPie Web to Print | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | XPertDoc | | | | Unknown | [link](https://kb.xpertdoc.com/pages/viewpage.action?pageId=87622727) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | XPLG | | | | Unknown | [link](https://www.xplg.com/log4j-vulnerability-exploit-log4shell-xplg-secure/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | XWIKI | | | | Unknown | [link](https://forum.xwiki.org/t/log4j-cve-2021-44228-log4shell-zero-day-vulnerability/9557) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 6ea4b0f..2f07023 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -96386,7 +96386,7 @@ software: - '' last_updated: '2022-01-26T07:18:50+00:00' - vendor: XCP-ng - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -96394,10 +96394,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -96444,7 +96445,247 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox - product: '' + product: AltaLink Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: CareAR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 8700 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 8870 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 8880 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 9201 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ColorQube 9301 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: DocuCentre SC2020 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: ElemX cves: cve-2021-4104: investigated: false @@ -96452,10 +96693,3011 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Core + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Express to Print + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Makeready + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Output Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Print Manager - APP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: FreeFlow Variable Information Suite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Nuvera EA Perfecting Production Systems + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Nuvera EA Production Systems + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3300 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3320 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3330 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3435 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3600 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3610 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 3635 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 4510 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 4622 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6000 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6020 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6022 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6280 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6510 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6600 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 6700 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 7800 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Phaser 8860 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: PrimeLink Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Versalink Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 33xx + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 3615 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 4260 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 4265 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5135 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5150 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5225 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5230 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 53XX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5645 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5655 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5740 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5745 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5755 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5765 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 58XX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5945 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 5955 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6025 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6400 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6515 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6605 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 6655 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7425 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7435 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7525 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7535 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7556 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7830 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7835 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7855 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre 7970i + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: WorkCentre ECXX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Account Payable Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox App Gallery + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B1022/25 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B225 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B230 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B235 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox B310 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Baltoro HF Inkjet Press + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Branded ConnectKey Applications + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox C230 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox C235 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox C310 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Campaigns on Demand + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Color EC70 Printer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox D110 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox D125 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox D95A + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Digital Mailroom Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox ECXX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox ED125 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox ED95A + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox iGen 5 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Instant Print Kiosk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Intelligent Workplace Services (All Including XDM, XDA, CWW) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Iridesse Production Press + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox J75 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Print and Scan Experience + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Team Availability Application + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 180 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 280 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 3100 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Versant 4100 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workflow Central Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workplace Kiosk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workplace Suite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Xerox Workspace Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: XMPie Data-Driven Print and VDP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: XMPie Omnichannel Communications + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: XMPie Web to Print + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -96467,7 +99709,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://securitydocs.business.xerox.com/wp-content/uploads/2021/12/Xerox-Special-Bulletin-XRX21-021-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.6.pdf + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 notes: '' references: - '' diff --git a/data/cisagov_X.yml b/data/cisagov_X.yml index 53db848..b24b300 100644 --- a/data/cisagov_X.yml +++ b/data/cisagov_X.yml @@ -574,7 +574,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox - product: PrimeLink Products + product: Phaser 3300 cves: cve-2021-4104: investigated: false @@ -604,7 +604,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox - product: Phaser 3300 + product: Phaser 3320 cves: cve-2021-4104: investigated: false @@ -634,7 +634,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox - product: Phaser 3320 + product: Phaser 3330 cves: cve-2021-4104: investigated: false @@ -664,7 +664,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox - product: Phaser 3330 + product: Phaser 3435 cves: cve-2021-4104: investigated: false @@ -694,7 +694,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox - product: Phaser 3435 + product: Phaser 3600 cves: cve-2021-4104: investigated: false @@ -724,7 +724,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox - product: Phaser 3600 + product: Phaser 3610 cves: cve-2021-4104: investigated: false @@ -754,7 +754,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox - product: Phaser 3610 + product: Phaser 3635 cves: cve-2021-4104: investigated: false @@ -784,7 +784,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox - product: Phaser 3635 + product: Phaser 4510 cves: cve-2021-4104: investigated: false @@ -814,7 +814,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox - product: Phaser 4510 + product: Phaser 4622 cves: cve-2021-4104: investigated: false @@ -844,7 +844,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox - product: Phaser 4622 + product: Phaser 6000 cves: cve-2021-4104: investigated: false @@ -874,7 +874,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox - product: Phaser 6000 + product: Phaser 6020 cves: cve-2021-4104: investigated: false @@ -904,7 +904,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox - product: Phaser 6020 + product: Phaser 6022 cves: cve-2021-4104: investigated: false @@ -934,7 +934,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox - product: Phaser 6022 + product: Phaser 6280 cves: cve-2021-4104: investigated: false @@ -964,7 +964,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox - product: Phaser 6280 + product: Phaser 6510 cves: cve-2021-4104: investigated: false @@ -994,7 +994,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox - product: Phaser 6510 + product: Phaser 6600 cves: cve-2021-4104: investigated: false @@ -1024,7 +1024,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox - product: Phaser 6600 + product: Phaser 6700 cves: cve-2021-4104: investigated: false @@ -1054,7 +1054,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox - product: Phaser 6700 + product: Phaser 7800 cves: cve-2021-4104: investigated: false @@ -1084,7 +1084,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox - product: Phaser 7800 + product: Phaser 8860 cves: cve-2021-4104: investigated: false @@ -1114,7 +1114,37 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox - product: Phaser 8860 + product: PrimeLink Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Xerox + product: Versalink Products cves: cve-2021-4104: investigated: false @@ -2133,36 +2163,6 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Xerox - product: Versalink Products - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323 - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - vendor: Xerox product: Xerox Account Payable Services cves: From eaa56a552967be16e4f68b4f8939d2b7a0ab5105 Mon Sep 17 00:00:00 2001 From: Ebennetteng <60264726+Ebennetteng@users.noreply.github.com> Date: Mon, 7 Feb 2022 09:46:00 +0000 Subject: [PATCH 172/268] add --- data/cisagov_L.yml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/data/cisagov_L.yml b/data/cisagov_L.yml index a1ffc81..9ddfc7c 100644 --- a/data/cisagov_L.yml +++ b/data/cisagov_L.yml @@ -2825,6 +2825,35 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Logit.io + product: '' + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://logit.io/blog/post/logit-io-log4shell-security-update + notes: '' + references: + - '' + last_updated: '2022-02-07T07:10:00+00:00' - vendor: LogRhythm product: '' cves: From 36f2f9352097644a93f12ea14a97347cb9ae5234 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 7 Feb 2022 12:33:08 -0500 Subject: [PATCH 173/268] remove entry to markdown --- SOFTWARE-LIST.md | 1 - 1 file changed, 1 deletion(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 2a2a8d0..ce6b25f 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2235,7 +2235,6 @@ NOTE: This file is automatically generated. To submit updates, please refer to | LOGalyze | SIEM & log analyzer tool | v4.x | | Affected | [link](https://sourceforge.net/software/product/LOGalyze/) | local-log4j-vuln-scanner result: indicator for vulnerable component found in /logalyze/lib/log4j-1.2.17.jar (org/apache/log4j/net/SocketNode.class): log4j 1.2.17 | [Forks (github.com)](https://github.com/search?q=logalyzer&s=updated&type=Repositories) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | LogiAnalytics | | | | Unknown | [link](https://devnet.logianalytics.com/hc/en-us/articles/4415781801751-Statement-on-Log4j-Vulnerability-CVE-2021-44228-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | LogicMonitor | LogicMonitor Platform | | | Unknown | [link](https://www.logicmonitor.com/support/log4shell-security-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Logit.io | Logit.io Platform | | | Not Affected | [link](https://logit.io/blog/post/logit-io-log4shell-security-update) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | LogMeIn | | | | Unknown | [link](https://community.logmein.com/t5/LogMeIn-Central-Discussions/LOG4J-Vulnerability/m-p/280317/highlight/true#M8327) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | LogRhythm | | | | Unknown | [link](https://community.logrhythm.com/t5/Product-Security/LogRhythm-Response-to-the-Apache-Log4J-Vulnerability-Log4Shell/td-p/494068) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Looker | Looker | 21.0, 21.6, 21.12, 21.16, 21.18, 21.20 | | Affected | [link](https://docs.google.com/document/d/e/2PACX-1vQGN1AYNMHxsRQ9AZNu1bKyTGRUSK_9xkQBge-nu4p8PYvBKIYHhc3914KTfVtDFIXtDhc3k6SZnR2M/pub) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | From c097be1e5f300f76bee1dca2d54110f5f45efdd1 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 7 Feb 2022 12:34:02 -0500 Subject: [PATCH 174/268] Update Logit.io product name --- data/cisagov_L.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/data/cisagov_L.yml b/data/cisagov_L.yml index 9ddfc7c..ed1c621 100644 --- a/data/cisagov_L.yml +++ b/data/cisagov_L.yml @@ -2826,7 +2826,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Logit.io - product: '' + product: Logit.io Platform cves: cve-2021-4104: investigated: true @@ -2837,7 +2837,8 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: true affected_versions: [] From 2d5443f4b731a1b3c2b1fc05346b32afeee6d17e Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Mon, 7 Feb 2022 17:43:35 +0000 Subject: [PATCH 175/268] Update the software list --- SOFTWARE-LIST.md | 1 + data/cisagov.yml | 30 ++++++++++++++++++++++++++++++ data/cisagov_L.yml | 38 +++++++++++++++++++------------------- 3 files changed, 50 insertions(+), 19 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index ce6b25f..34819f2 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2235,6 +2235,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | LOGalyze | SIEM & log analyzer tool | v4.x | | Affected | [link](https://sourceforge.net/software/product/LOGalyze/) | local-log4j-vuln-scanner result: indicator for vulnerable component found in /logalyze/lib/log4j-1.2.17.jar (org/apache/log4j/net/SocketNode.class): log4j 1.2.17 | [Forks (github.com)](https://github.com/search?q=logalyzer&s=updated&type=Repositories) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | LogiAnalytics | | | | Unknown | [link](https://devnet.logianalytics.com/hc/en-us/articles/4415781801751-Statement-on-Log4j-Vulnerability-CVE-2021-44228-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | LogicMonitor | LogicMonitor Platform | | | Unknown | [link](https://www.logicmonitor.com/support/log4shell-security-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Logit.io | Logit.io Platform | | | Not Affected | [link](https://logit.io/blog/post/logit-io-log4shell-security-update) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-07 | | LogMeIn | | | | Unknown | [link](https://community.logmein.com/t5/LogMeIn-Central-Discussions/LOG4J-Vulnerability/m-p/280317/highlight/true#M8327) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | LogRhythm | | | | Unknown | [link](https://community.logrhythm.com/t5/Product-Security/LogRhythm-Response-to-the-Apache-Log4J-Vulnerability-Log4Shell/td-p/494068) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Looker | Looker | 21.0, 21.6, 21.12, 21.16, 21.18, 21.20 | | Affected | [link](https://docs.google.com/document/d/e/2PACX-1vQGN1AYNMHxsRQ9AZNu1bKyTGRUSK_9xkQBge-nu4p8PYvBKIYHhc3914KTfVtDFIXtDhc3k6SZnR2M/pub) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 2f07023..78674ba 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -65900,6 +65900,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Logit.io + product: Logit.io Platform + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://logit.io/blog/post/logit-io-log4shell-security-update + notes: '' + references: + - '' + last_updated: '2022-02-07T07:10:00+00:00' - vendor: LogMeIn product: '' cves: diff --git a/data/cisagov_L.yml b/data/cisagov_L.yml index ed1c621..36b25ab 100644 --- a/data/cisagov_L.yml +++ b/data/cisagov_L.yml @@ -2796,65 +2796,65 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: LogMeIn - product: '' + - vendor: Logit.io + product: Logit.io Platform cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.logmein.com/t5/LogMeIn-Central-Discussions/LOG4J-Vulnerability/m-p/280317/highlight/true#M8327 + - https://logit.io/blog/post/logit-io-log4shell-security-update notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Logit.io - product: Logit.io Platform + last_updated: '2022-02-07T07:10:00+00:00' + - vendor: LogMeIn + product: '' cves: cve-2021-4104: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://logit.io/blog/post/logit-io-log4shell-security-update + - https://community.logmein.com/t5/LogMeIn-Central-Discussions/LOG4J-Vulnerability/m-p/280317/highlight/true#M8327 notes: '' references: - '' - last_updated: '2022-02-07T07:10:00+00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: LogRhythm product: '' cves: From 27b6a8ab773da8fcdd72d9eca5ac736154c4635e Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 7 Feb 2022 12:53:40 -0500 Subject: [PATCH 176/268] Update Xylem products --- data/cisagov_X.yml | 88 +++++++++++++++++++++++++++------------------- 1 file changed, 51 insertions(+), 37 deletions(-) diff --git a/data/cisagov_X.yml b/data/cisagov_X.yml index b24b300..f68b873 100644 --- a/data/cisagov_X.yml +++ b/data/cisagov_X.yml @@ -3334,7 +3334,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: XPertDoc - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -3363,7 +3363,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: XPLG - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -3392,7 +3392,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: XWIKI - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -3429,9 +3429,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3458,9 +3459,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3487,9 +3489,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3516,9 +3519,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3545,9 +3549,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3574,8 +3579,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3603,8 +3609,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3632,9 +3639,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3661,9 +3669,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3692,8 +3701,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - 4.7 through 4.10 - - 4.4 through 4.6 + - '4.7 through 4.10' + - '4.4 through 4.6' - '4.2' fixed_versions: [] unaffected_versions: [] @@ -3723,11 +3732,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.7 through 4.10 - - 4.4 through 4.6 + affected_versions: [] + fixed_versions: + - '4.7 through 4.10' + - '4.4 through 4.6' - '4.2' - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -3754,9 +3763,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3783,8 +3793,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3812,9 +3823,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3841,9 +3853,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3870,9 +3883,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false From 1cd0242393dabb8e1394eac1e07c21e9a4194310 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 7 Feb 2022 12:58:31 -0500 Subject: [PATCH 177/268] Update F-Secure products --- data/cisagov_F.yml | 28 +++++++++++++++------------- 1 file changed, 15 insertions(+), 13 deletions(-) diff --git a/data/cisagov_F.yml b/data/cisagov_F.yml index adcaaab..f3205e9 100644 --- a/data/cisagov_F.yml +++ b/data/cisagov_F.yml @@ -13,9 +13,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -43,9 +44,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 13-15 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '13 through 15' unaffected_versions: [] cve-2021-45046: investigated: false @@ -72,9 +73,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -102,9 +104,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 13-15 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '13 through 15' unaffected_versions: [] cve-2021-45046: investigated: false @@ -132,9 +134,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 13-15 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '13 through 15' unaffected_versions: [] cve-2021-45046: investigated: false From 4798bc95140b85b3454bcea38e8cf79e73b448e7 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Mon, 7 Feb 2022 18:03:05 +0000 Subject: [PATCH 178/268] Update the software list --- SOFTWARE-LIST.md | 36 ++++++++++----------- data/cisagov.yml | 80 +++++++++++++++++++++++++++------------------- data/cisagov_X.yml | 8 ++--- 3 files changed, 69 insertions(+), 55 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 34819f2..4dad688 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -3368,25 +3368,25 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Xerox | XMPie Data-Driven Print and VDP | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Xerox | XMPie Omnichannel Communications | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Xerox | XMPie Web to Print | | | Not Affected | [link](https://securitydocs.business.xerox.com/wp-content/uploads/2022/01/Xerox-Special-Bulletin-Regarding-CVE-2021-44228-CVE-2021-45046-and-CVE-2021-45105-v1.7.pdf?_ga=2.84055769.1559902237.1644009323-1916165539.1644009323) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| XPertDoc | | | | Unknown | [link](https://kb.xpertdoc.com/pages/viewpage.action?pageId=87622727) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| XPLG | | | | Unknown | [link](https://www.xplg.com/log4j-vulnerability-exploit-log4shell-xplg-secure/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| XWIKI | | | | Unknown | [link](https://forum.xwiki.org/t/log4j-cve-2021-44228-log4shell-zero-day-vulnerability/9557) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Xylem | Aquatalk | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Avensor | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Configuration change complete | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Sensus Analytics | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Sensus Automation Control Configuration change complete | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Sensus Cathodic Protection Mitigation in process Mitigation in process | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Sensus FieldLogic LogServer | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Sensus Lighting Control | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Sensus NetMetrics Configuration change complete | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| XPertDoc | All | | | Unknown | [link](https://kb.xpertdoc.com/pages/viewpage.action?pageId=87622727) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| XPLG | All | | | Unknown | [link](https://www.xplg.com/log4j-vulnerability-exploit-log4shell-xplg-secure/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| XWIKI | All | | | Unknown | [link](https://forum.xwiki.org/t/log4j-cve-2021-44228-log4shell-zero-day-vulnerability/9557) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Xylem | Aquatalk | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Avensor | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Configuration change complete | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Sensus Analytics | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Sensus Automation Control Configuration change complete | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Sensus Cathodic Protection Mitigation in process Mitigation in process | | | Affected | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Sensus FieldLogic LogServer | | | Affected | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Sensus Lighting Control | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Sensus NetMetrics Configuration change complete | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Xylem | Sensus RNI On Prem | 4.7 through 4.10, 4.4 through 4.6, 4.2 | | Affected | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Sensus RNI Saas | 4.7 through 4.10, 4.4 through 4.6, 4.2 | | Affected | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Sensus SCS | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Smart Irrigation | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Water Loss Management (Visenti) | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Xylem Cloud | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Xylem | Xylem Edge Gateway (xGW) | | | Unknown | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Sensus RNI Saas | | 4.7 through 4.10, 4.4 through 4.6, 4.2 | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Sensus SCS | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Smart Irrigation | | | Affected | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Water Loss Management (Visenti) | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Xylem Cloud | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Xylem | Xylem Edge Gateway (xGW) | | | Fixed | [link](https://www.xylem.com/siteassets/about-xylem/cybersecurity/advisories/xylem-apache-log4j-xpsa-2021-005.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Yahoo | Vespa | | | Not Affected | [link](https://blog.vespa.ai/log4j-vulnerability/) | Your Vespa application may still be affected if log4j is included in your application package. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Yellowbrick | | | | Unknown | [link](https://support.yellowbrick.com/hc/en-us/articles/4412586575379-Security-Advisory-Yellowbrick-is-NOT-Affected-by-the-Log4Shell-Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | YellowFin | All | | 8.0.10.3, 9.7.0.2 | Fixed | [link](https://community.yellowfinbi.com/announcement/notice-critical-vulnerability-in-log4j2) | v7 and v6 releases are not affected unless you have manually upgraded to Log4j2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 78674ba..5335cba 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -99745,7 +99745,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: XPertDoc - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -99774,7 +99774,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: XPLG - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -99803,7 +99803,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: XWIKI - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -99840,9 +99840,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -99869,9 +99870,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -99898,9 +99900,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -99927,9 +99930,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -99956,9 +99960,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -99985,8 +99990,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -100014,8 +100020,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -100043,9 +100050,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -100072,9 +100080,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -100134,11 +100143,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - 4.7 through 4.10 - 4.4 through 4.6 - '4.2' - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -100165,9 +100174,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -100194,8 +100204,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -100223,9 +100234,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -100252,9 +100264,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -100281,9 +100294,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false diff --git a/data/cisagov_X.yml b/data/cisagov_X.yml index f68b873..2c6eb17 100644 --- a/data/cisagov_X.yml +++ b/data/cisagov_X.yml @@ -3701,8 +3701,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - '4.7 through 4.10' - - '4.4 through 4.6' + - 4.7 through 4.10 + - 4.4 through 4.6 - '4.2' fixed_versions: [] unaffected_versions: [] @@ -3734,8 +3734,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - '4.7 through 4.10' - - '4.4 through 4.6' + - 4.7 through 4.10 + - 4.4 through 4.6 - '4.2' unaffected_versions: [] cve-2021-45046: From 27b95db9f232d81e9bc546cff905e0b5b9129db5 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 7 Feb 2022 13:10:07 -0500 Subject: [PATCH 179/268] Update F5, FedEx entries --- data/cisagov_F.yml | 74 +++++++++++++++++++++++++++++++++++----------- 1 file changed, 56 insertions(+), 18 deletions(-) diff --git a/data/cisagov_F.yml b/data/cisagov_F.yml index f3205e9..679f52c 100644 --- a/data/cisagov_F.yml +++ b/data/cisagov_F.yml @@ -167,7 +167,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 11.x - 16.x + - '11.x - 16.x' cve-2021-45046: investigated: false affected_versions: [] @@ -197,7 +197,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 7.x-8.x + - '7.x - 8.x' cve-2021-45046: investigated: false affected_versions: [] @@ -227,7 +227,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.x + - '1.x' cve-2021-45046: investigated: false affected_versions: [] @@ -257,7 +257,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.x + - '3.x' cve-2021-45046: investigated: false affected_versions: [] @@ -287,7 +287,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 3.x + - '3.x' cve-2021-45046: investigated: false affected_versions: [] @@ -317,7 +317,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.x - 2.x + - '1.x - 2.x' cve-2021-45046: investigated: false affected_versions: [] @@ -347,7 +347,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.x + - '1.x' cve-2021-45046: investigated: false affected_versions: [] @@ -377,7 +377,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.x + - '1.x' cve-2021-45046: investigated: false affected_versions: [] @@ -407,7 +407,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - R19 - R25 + - 'R19 - R25' cve-2021-45046: investigated: false affected_versions: [] @@ -437,7 +437,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.x + - '1.x' cve-2021-45046: investigated: false affected_versions: [] @@ -467,7 +467,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 1.x + - '1.x' cve-2021-45046: investigated: false affected_versions: [] @@ -495,8 +495,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - 5.x (5.2.0 CF1 - - 5.1.0 CF-30 - 5.1.0 CF-33) + - '5.x' + - '5.2.0 CF1' + - '5.1.0 CF-30 - 5.1.0 CF-33' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -517,7 +518,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: FAST LTA - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -546,7 +547,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fastly - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -585,9 +586,46 @@ software: cve-2021-44228: investigated: false affected_versions: - - Unknown + - '340x' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4 + notes: Note - FedEx is aware of the issue related to the Log4j Remote Code Execution + vulnerability affecting various Apache products. We are actively assessing the + situation and taking necessary action as appropriate. As a result, we are temporarily + unable to provide a link to download the FedEx Ship Manager software or generate + product keys needed for registration of FedEx Ship Manager software. We are + working to have this resolved as quickly as possible and apologize for the inconvenience. + For related questions or the most updated information, customers should check + FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: FedEx + product: Ship Manager Software + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: + - '3509' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -600,14 +638,14 @@ software: unaffected_versions: [] vendor_links: - https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4 - notes: 'Note: FedEx is aware of the issue related to the Log4j Remote Code Execution + notes: Note - FedEx is aware of the issue related to the Log4j Remote Code Execution vulnerability affecting various Apache products. We are actively assessing the situation and taking necessary action as appropriate. As a result, we are temporarily unable to provide a link to download the FedEx Ship Manager software or generate product keys needed for registration of FedEx Ship Manager software. We are working to have this resolved as quickly as possible and apologize for the inconvenience. For related questions or the most updated information, customers should check - FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative.' + FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative. references: - '' last_updated: '2021-12-15T00:00:00' From 6963d11f2755e93104882972b3b4b977aa78923b Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 7 Feb 2022 13:18:21 -0500 Subject: [PATCH 180/268] Add FileCap, FileZilla, etc. --- data/cisagov_F.yml | 91 +++++++++++++++++++++++++++++++++++++++------- 1 file changed, 77 insertions(+), 14 deletions(-) diff --git a/data/cisagov_F.yml b/data/cisagov_F.yml index 679f52c..4768e0c 100644 --- a/data/cisagov_F.yml +++ b/data/cisagov_F.yml @@ -661,7 +661,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - v5 + - 'v5' unaffected_versions: [] cve-2021-45046: investigated: false @@ -676,12 +676,13 @@ software: vendor_links: - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 notes: The product has been updated to Log4j version 2.15. An additional patch - is being developed to update to 2.16. No user interaction is required. + is being developed to update to 2.16. No user interaction is required. This + advisory is available to customer only and has not been reviewed by CISA. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: FileCap - product: '' + product: Plugins cves: cve-2021-4104: investigated: false @@ -689,10 +690,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://filecap.com/blog-posts/detecteer-log4shell-exploitatie-pogingen + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FileCap + product: Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '5.1.3' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -704,13 +736,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://mailchi.mp/3f82266e0717/filecap-update-version-511 + - https://filecap.com/blog-posts/detecteer-log4shell-exploitatie-pogingen notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: FileCatalyst - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -739,7 +771,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: FileCloud - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -768,7 +800,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: FileWave - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -796,8 +828,38 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FileZilla + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.filezilla-project.org/viewtopic.php?f=6&t=54338 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: FINVI - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -826,7 +888,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: FireDaemon - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -855,7 +917,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fisher & Paykel Healthcare - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -863,10 +925,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -884,7 +947,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Flexagon - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -913,7 +976,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Flexera - product: '' + product: All cves: cve-2021-4104: investigated: false From fa7a10d128c3a5910294f881c2799ea54b5ee641 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 7 Feb 2022 13:32:00 -0500 Subject: [PATCH 181/268] Add Forcepoint products --- data/cisagov_F.yml | 443 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 432 insertions(+), 11 deletions(-) diff --git a/data/cisagov_F.yml b/data/cisagov_F.yml index 4768e0c..74d2124 100644 --- a/data/cisagov_F.yml +++ b/data/cisagov_F.yml @@ -1005,7 +1005,37 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint - product: DLP Manager + product: Advanced Malware Detection + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Behavioral Analytics cves: cve-2021-4104: investigated: false @@ -1029,12 +1059,42 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: '' + notes: This advisory is available to customer only and has not been reviewed by CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint - product: Forcepoint Cloud Security Gateway (CSG) + product: Bitglass SSE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: CASB cves: cve-2021-4104: investigated: false @@ -1058,7 +1118,216 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: '' + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Cloud Security Gateway (CSG) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Content Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: DDP/DUP/DPS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Directory Synchronization + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: DLP Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Email Security + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Insider Threat + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -1071,10 +1340,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: NGFW Security Management Center + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1087,13 +1387,12 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: '' + notes: This advisory is available to customer only and has not been reviewed by CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint - product: Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service - and Sidewinder + product: NGFW Virtual SMC Appliances cves: cve-2021-4104: investigated: false @@ -1101,10 +1400,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: NGFW VPN Client + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1117,7 +1447,7 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: '' + notes: This advisory is available to customer only and has not been reviewed by CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -1130,10 +1460,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Security Manager (Web, Email and DLP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1146,12 +1507,12 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: '' + notes: This advisory is available to customer only and has not been reviewed by CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint - product: Security Manager (Web, Email and DLP) + product: Sidewinder cves: cve-2021-4104: investigated: false @@ -1159,10 +1520,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: User ID service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1175,7 +1567,36 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: '' + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Forcepoint + product: Web Security + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' From cd802cffe518693cbc19b3829c0452fe34b3c66f Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 7 Feb 2022 15:25:05 -0500 Subject: [PATCH 182/268] Add Fortinet products --- data/cisagov_F.yml | 966 ++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 874 insertions(+), 92 deletions(-) diff --git a/data/cisagov_F.yml b/data/cisagov_F.yml index 74d2124..3640481 100644 --- a/data/cisagov_F.yml +++ b/data/cisagov_F.yml @@ -1601,7 +1601,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forescout - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1638,9 +1638,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1654,12 +1655,12 @@ software: unaffected_versions: [] vendor_links: - https://backstage.forgerock.com/knowledge/kb/book/b21824339#1_bzBa - notes: all other ForgeRock products Not vulnerable + notes: All other ForgeRock products not affected. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiAIOps + product: Autonomous Identity cves: cve-2021-4104: investigated: false @@ -1667,9 +1668,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1688,7 +1690,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiAnalyzer + product: FortiADC cves: cve-2021-4104: investigated: false @@ -1696,10 +1698,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1717,7 +1720,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiAnalyzer Cloud + product: FortiAI cves: cve-2021-4104: investigated: false @@ -1725,10 +1728,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1746,7 +1750,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiAP + product: FortiAIOps cves: cve-2021-4104: investigated: false @@ -1754,9 +1758,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '1.0.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1775,7 +1780,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiAuthenticator + product: FortiAnalyzer cves: cve-2021-4104: investigated: false @@ -1783,10 +1788,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1804,7 +1810,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiCASB + product: FortiAnalyzer Big Cloud cves: cve-2021-4104: investigated: false @@ -1812,9 +1818,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '6.4.7' + - '7.0.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1833,7 +1841,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiConvertor + product: FortiAnalyzer Cloud cves: cve-2021-4104: investigated: false @@ -1841,10 +1849,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1862,7 +1871,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiDeceptor + product: FortiAP cves: cve-2021-4104: investigated: false @@ -1870,10 +1879,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1891,7 +1901,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiEDR Agent + product: FortiAuthenticator cves: cve-2021-4104: investigated: false @@ -1899,10 +1909,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1920,7 +1931,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiEDR Cloud + product: FortiCache cves: cve-2021-4104: investigated: false @@ -1928,10 +1939,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1949,7 +1961,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiGate Cloud + product: FortiCarrier cves: cve-2021-4104: investigated: false @@ -1957,10 +1969,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1978,7 +1991,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiGSLB Cloud + product: FortiCASB cves: cve-2021-4104: investigated: false @@ -1986,9 +1999,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2007,7 +2021,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiMail + product: FortiClient cves: cve-2021-4104: investigated: false @@ -2015,10 +2029,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2036,7 +2051,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiManager + product: FortiClient Cloud cves: cve-2021-4104: investigated: false @@ -2044,10 +2059,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2065,7 +2081,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiManager Cloud + product: FortiClient EMS cves: cve-2021-4104: investigated: false @@ -2073,10 +2089,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2094,7 +2111,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiNAC + product: FortiConnect cves: cve-2021-4104: investigated: false @@ -2102,10 +2119,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2123,7 +2141,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiNAC + product: FortiConverter Portal cves: cve-2021-4104: investigated: false @@ -2131,8 +2149,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2152,7 +2171,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiOS (includes FortiGate & FortiWiFi) + product: FortiCWP cves: cve-2021-4104: investigated: false @@ -2160,9 +2179,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2181,7 +2201,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiPhish Cloud + product: FortiDDoS cves: cve-2021-4104: investigated: false @@ -2189,10 +2209,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2210,7 +2231,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiPolicy + product: FortiDDoS-F cves: cve-2021-4104: investigated: false @@ -2218,10 +2239,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2239,7 +2261,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiPortal + product: FortiDeceptor cves: cve-2021-4104: investigated: false @@ -2247,10 +2269,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2268,7 +2291,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiRecorder + product: FortiEDR Agent cves: cve-2021-4104: investigated: false @@ -2276,10 +2299,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2297,7 +2321,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiSIEM + product: FortiEDR Cloud cves: cve-2021-4104: investigated: false @@ -2305,8 +2329,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2326,7 +2351,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiSOAR + product: FortiExtender Cloud cves: cve-2021-4104: investigated: false @@ -2334,10 +2359,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2355,7 +2381,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiSwicth Cloud in FortiLANCloud + product: FortiGate Cloud cves: cve-2021-4104: investigated: false @@ -2363,10 +2389,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2384,7 +2411,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiSwitch & FortiSwitchManager + product: FortiGSLB Cloud cves: cve-2021-4104: investigated: false @@ -2392,10 +2419,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2413,7 +2441,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiToken Cloud + product: FortiInsight cves: cve-2021-4104: investigated: false @@ -2421,10 +2449,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2442,7 +2471,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiVoice + product: FortiIsolator cves: cve-2021-4104: investigated: false @@ -2450,9 +2479,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '2.3.4' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2471,7 +2501,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiWeb Cloud + product: FortiLAN Cloud cves: cve-2021-4104: investigated: false @@ -2479,10 +2509,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiMail + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2500,7 +2561,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: ShieldX + product: FortiManager cves: cve-2021-4104: investigated: false @@ -2508,10 +2569,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiManager Cloud + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2528,8 +2620,698 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FTAPI - product: '' + - vendor: Fortinet + product: FortiMonitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiNAC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiOS (includes FortiGate & FortiWiFi) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPenTest + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPhish Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPolicy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPortal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPresence + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiProxy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiRecorder + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSandbox + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSASE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSIEM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSOAR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSwitch Cloud in FortiLANCloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSwitch & FortiSwitchManager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiTester + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiToken Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiVoice + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiWeb Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiWLC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiWLM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: ShieldX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FTAPI + product: All cves: cve-2021-4104: investigated: false From 54bad43402fc95be883358b71420051eb31c5c1d Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 7 Feb 2022 15:37:33 -0500 Subject: [PATCH 183/268] Add Fujitsu products --- data/cisagov_F.yml | 1264 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 1262 insertions(+), 2 deletions(-) diff --git a/data/cisagov_F.yml b/data/cisagov_F.yml index 3640481..148d3f3 100644 --- a/data/cisagov_F.yml +++ b/data/cisagov_F.yml @@ -3582,7 +3582,7 @@ software: - '' last_updated: '2022-02-02T00:00:00' - vendor: Fujitsu - product: '' + product: AIS Connect cves: cve-2021-4104: investigated: false @@ -3590,10 +3590,1270 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: Bean Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: BS2000 Hardware + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: BS2000 Software + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: BX400 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: BX900 MMB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: eLux RP on FUTRO + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS AB/HB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS CS800 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS CS8000 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS DX/AF + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS JX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS LT140/260 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS LT20/40/60 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS SF + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS SF MA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: FlexFrame + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: INTELLIEGDLE A/G + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: iRMC on PRIMERGY + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ISM for PRIMERGY, PQ + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: NECoP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: openFT + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: openSEAS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: openUTM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: openUTM (WebAdm.) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: PRIMEFLEX for MS S2D + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: PTC Axeda (AIS Con.) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SBAX2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SBAX3 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SecDocs + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView IM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView OM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView OM/UM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView RAID + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView Rem. Con. + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView VIOM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SOA Pro. Mgmt. Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SOA SysRollout Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SVS Services for ISM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SVS UME + LinuxLife + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SVS VMware Op. Mgr. + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SVS VMware vCenter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: Web Transactions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3611,7 +4871,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: FusionAuth - product: FusionAuth + product: All cves: cve-2021-4104: investigated: false From f2a83e4b3238b81bc1910e06d146b83ffeb2c155 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Mon, 7 Feb 2022 20:44:36 +0000 Subject: [PATCH 184/268] Update the software list --- SOFTWARE-LIST.md | 204 ++- data/cisagov.yml | 3200 +++++++++++++++++++++++++++++++++++++++----- data/cisagov_F.yml | 112 +- 3 files changed, 3103 insertions(+), 413 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 4dad688..b622af4 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -1188,11 +1188,11 @@ NOTE: This file is automatically generated. To submit updates, please refer to | eXtreme Hosting | | | | Unknown | [link](https://extremehosting.nl/log4shell-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Extreme Networks | | | | Unknown | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Extron | | | | Unknown | [link](https://www.extron.com/featured/Security-at-Extron/extron-security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| F-Secure | Elements Connector | | | Unknown | [link](https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| F-Secure | Endpoint Proxy | 13-15 | | Affected | [link](https://status.f-secure.com/incidents/sk8vmr0h34pd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| F-Secure | Messaging Security Gateway | | | Unknown | [link](https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| F-Secure | Policy Manager | 13-15 | | Affected | [link](https://status.f-secure.com/incidents/sk8vmr0h34pd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| F-Secure | Policy Manager Proxy | 13-15 | | Affected | [link](https://status.f-secure.com/incidents/sk8vmr0h34pd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| F-Secure | Elements Connector | | | Fixed | [link](https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| F-Secure | Endpoint Proxy | | 13 through 15 | Fixed | [link](https://status.f-secure.com/incidents/sk8vmr0h34pd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| F-Secure | Messaging Security Gateway | | | Fixed | [link](https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| F-Secure | Policy Manager | | 13 through 15 | Fixed | [link](https://status.f-secure.com/incidents/sk8vmr0h34pd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| F-Secure | Policy Manager Proxy | | 13 through 15 | Fixed | [link](https://status.f-secure.com/incidents/sk8vmr0h34pd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | F5 | BIG-IP (all modules) | | | Not Affected | [link](https://support.f5.com/csp/article/K19026212) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | F5 | BIG-IQ Centralized Management | | | Not Affected | [link](https://support.f5.com/csp/article/K19026212) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | F5 | F5OS | | | Not Affected | [link](https://support.f5.com/csp/article/K19026212) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | @@ -1204,59 +1204,101 @@ NOTE: This file is automatically generated. To submit updates, please refer to | F5 | NGINX Plus | | | Not Affected | [link](https://support.f5.com/csp/article/K19026212) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | F5 | NGINX Service Mesh | | | Not Affected | [link](https://support.f5.com/csp/article/K19026212) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | F5 | NGINX Unit | | | Not Affected | [link](https://support.f5.com/csp/article/K19026212) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| F5 | Traffix SDC | 5.x (5.2.0 CF1, 5.1.0 CF-30 - 5.1.0 CF-33) | | Affected | [link](https://support.f5.com/csp/article/K19026212) | Vulnerable components: EMS-ELK components (Fluentd + Elastic Search + Kibana), Element Management System | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| FAST LTA | | | | Unknown | [link](https://blog.fast-lta.de/en/log4j2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fastly | | | | Unknown | [link](https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| FedEx | Ship Manager Software | Unknown | | Affected | [link](https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4) | Note: FedEx is aware of the issue related to the Log4j Remote Code Execution vulnerability affecting various Apache products. We are actively assessing the situation and taking necessary action as appropriate. As a result, we are temporarily unable to provide a link to download the FedEx Ship Manager software or generate product keys needed for registration of FedEx Ship Manager software. We are working to have this resolved as quickly as possible and apologize for the inconvenience. For related questions or the most updated information, customers should check FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Fiix | Fiix CMMS Core | | v5 | Fixed | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | The product has been updated to Log4j version 2.15. An additional patch is being developed to update to 2.16. No user interaction is required. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| FileCap | | | | Unknown | [link](https://mailchi.mp/3f82266e0717/filecap-update-version-511) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| FileCatalyst | | | | Unknown | [link](https://support.filecatalyst.com/index.php/Knowledgebase/Article/View/advisory-log4j-zero-day-security-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| FileCloud | | | | Unknown | [link](https://www.getfilecloud.com/supportdocs/display/cloud/Advisory+2021-12-2+Impact+of+Apache+Log4j2+Vulnerability+on+FileCloud+Customers) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| FileWave | | | | Unknown | [link](https://kb.filewave.com/display/KB/Security+Notice:+Apache+log4j+Vulnerability+CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| FINVI | | | | Unknown | [link](https://finvi.com/support/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| FireDaemon | | | | Unknown | [link](https://kb.firedaemon.com/support/solutions/articles/4000178630) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fisher & Paykel Healthcare | | | | Unknown | [link](https://www.fphcare.com/us/our-company/contact-us/product-security/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Flexagon | | | | Unknown | [link](https://flexagon.com/what-is-the-impact-of-log4j-vulnerability-cve-2021-44228-on-flexdeploy/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Flexera | | | | Unknown | [link](https://community.flexera.com/t5/Community-Notices/Flexera-s-response-to-Apache-Log4j-2-remote-code-execution/ba-p/216934) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Forcepoint | DLP Manager | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Forcepoint | Forcepoint Cloud Security Gateway (CSG) | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Forcepoint | Next Generation Firewall (NGFW) | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Forcepoint | Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service and Sidewinder | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Forcepoint | One Endpoint | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Forcepoint | Security Manager (Web, Email and DLP) | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Forescout | | | | Unknown | [link](https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ForgeRock | Autonomous Identity | | | Unknown | [link](https://backstage.forgerock.com/knowledge/kb/book/b21824339#1_bzBa) | all other ForgeRock products Not vulnerable | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiAIOps | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiAnalyzer | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiAnalyzer Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiAP | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiAuthenticator | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiCASB | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiConvertor | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiDeceptor | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiEDR Agent | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiEDR Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiGate Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiGSLB Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiMail | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiManager | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiManager Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiNAC | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiNAC | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiOS (includes FortiGate & FortiWiFi) | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiPhish Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiPolicy | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiPortal | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiRecorder | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiSIEM | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiSOAR | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiSwicth Cloud in FortiLANCloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiSwitch & FortiSwitchManager | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiToken Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiVoice | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | FortiWeb Cloud | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Fortinet | ShieldX | | | Unknown | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| FTAPI | | | | Unknown | [link](https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/#) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| F5 | Traffix SDC | 5.x, 5.2.0 CF1, 5.1.0 CF-30 - 5.1.0 CF-33 | | Affected | [link](https://support.f5.com/csp/article/K19026212) | Vulnerable components: EMS-ELK components (Fluentd + Elastic Search + Kibana), Element Management System | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FAST LTA | All | | | Unknown | [link](https://blog.fast-lta.de/en/log4j2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fastly | All | | | Unknown | [link](https://www.fastly.com/blog/digging-deeper-into-log4shell-0day-rce-exploit-found-in-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FedEx | Ship Manager Software | 340x | | Affected | [link](https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4) | Note - FedEx is aware of the issue related to the Log4j Remote Code Execution vulnerability affecting various Apache products. We are actively assessing the situation and taking necessary action as appropriate. As a result, we are temporarily unable to provide a link to download the FedEx Ship Manager software or generate product keys needed for registration of FedEx Ship Manager software. We are working to have this resolved as quickly as possible and apologize for the inconvenience. For related questions or the most updated information, customers should check FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| FedEx | Ship Manager Software | | 3509 | Fixed | [link](https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4) | Note - FedEx is aware of the issue related to the Log4j Remote Code Execution vulnerability affecting various Apache products. We are actively assessing the situation and taking necessary action as appropriate. As a result, we are temporarily unable to provide a link to download the FedEx Ship Manager software or generate product keys needed for registration of FedEx Ship Manager software. We are working to have this resolved as quickly as possible and apologize for the inconvenience. For related questions or the most updated information, customers should check FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Fiix | Fiix CMMS Core | | v5 | Fixed | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | The product has been updated to Log4j version 2.15. An additional patch is being developed to update to 2.16. No user interaction is required. This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| FileCap | Plugins | | | Not Affected | [link](https://filecap.com/blog-posts/detecteer-log4shell-exploitatie-pogingen) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FileCap | Server | | 5.1.3 | Fixed | [link](https://filecap.com/blog-posts/detecteer-log4shell-exploitatie-pogingen) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FileCatalyst | All | | | Unknown | [link](https://support.filecatalyst.com/index.php/Knowledgebase/Article/View/advisory-log4j-zero-day-security-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FileCloud | All | | | Unknown | [link](https://www.getfilecloud.com/supportdocs/display/cloud/Advisory+2021-12-2+Impact+of+Apache+Log4j2+Vulnerability+on+FileCloud+Customers) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FileWave | All | | | Unknown | [link](https://kb.filewave.com/display/KB/Security+Notice:+Apache+log4j+Vulnerability+CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FileZilla | All | | | Not Affected | [link](https://forum.filezilla-project.org/viewtopic.php?f=6&t=54338) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FINVI | All | | | Unknown | [link](https://finvi.com/support/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FireDaemon | All | | | Unknown | [link](https://kb.firedaemon.com/support/solutions/articles/4000178630) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fisher & Paykel Healthcare | All | | | Not Affected | [link](https://www.fphcare.com/us/our-company/contact-us/product-security/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Flexagon | All | | | Unknown | [link](https://flexagon.com/what-is-the-impact-of-log4j-vulnerability-cve-2021-44228-on-flexdeploy/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Flexera | All | | | Unknown | [link](https://community.flexera.com/t5/Community-Notices/Flexera-s-response-to-Apache-Log4j-2-remote-code-execution/ba-p/216934) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Advanced Malware Detection | | | Not Affected | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Behavioral Analytics | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Bitglass SSE | | | Not Affected | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | CASB | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Cloud Security Gateway (CSG) | | | Not Affected | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Content Gateway | | | Not Affected | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | DDP/DUP/DPS | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Directory Synchronization | | | Not Affected | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | DLP Manager | | | Fixed | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Email Security | | | Not Affected | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Insider Threat | | | Not Affected | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Next Generation Firewall (NGFW) | | | Not Affected | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | NGFW Security Management Center | | | Fixed | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | NGFW Virtual SMC Appliances | | | Fixed | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | NGFW VPN Client | | | Fixed | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | One Endpoint | | | Not Affected | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Security Manager (Web, Email and DLP) | | | Fixed | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Sidewinder | | | Fixed | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | User ID service | | | Fixed | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forcepoint | Web Security | | | Unknown | [link](https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Forescout | All | | | Unknown | [link](https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ForgeRock | Autonomous Identity | | | Fixed | [link](https://backstage.forgerock.com/knowledge/kb/book/b21824339#1_bzBa) | All other ForgeRock products not affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | Autonomous Identity | | | Fixed | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiADC | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiAI | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiAIOps | | 1.0.2 | Fixed | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiAnalyzer | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiAnalyzer Big Cloud | | 6.4.7, 7.0.2 | Fixed | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiAnalyzer Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiAP | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiAuthenticator | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiCache | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiCarrier | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiCASB | | | Fixed | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiClient | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiClient Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiClient EMS | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiConnect | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiConverter Portal | | | Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiCWP | | | Fixed | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiDDoS | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiDDoS-F | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiDeceptor | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiEDR Agent | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiEDR Cloud | | | Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiExtender Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiGate Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiGSLB Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiInsight | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiIsolator | | 2.3.4 | Fixed | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiLAN Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiMail | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiManager | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiManager Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiMonitor | | | Fixed | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiNAC | | | Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiOS (includes FortiGate & FortiWiFi) | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiPenTest | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiPhish Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiPolicy | | | Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiPortal | | | Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiPresence | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiProxy | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiRecorder | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiSandbox | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiSASE | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiSIEM | | | Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiSOAR | | | Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiSwitch & FortiSwitchManager | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiSwitch Cloud in FortiLANCloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiTester | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiToken Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiVoice | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiWeb Cloud | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiWLC | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | FortiWLM | | | Not Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fortinet | ShieldX | | | Affected | [link](https://www.fortiguard.com/psirt/FG-IR-21-245) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FTAPI | All | | | Unknown | [link](https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/#) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Fuji Electric | MONITOUCH TS1000 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | Fuji Electric | MONITOUCH TS1000S series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | Fuji Electric | MONITOUCH TS2000 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | @@ -1265,8 +1307,50 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Fuji Electric | MONITOUCH X1 series | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | Fuji Electric | TELLUS and V-Server | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | | Fuji Electric | V-SFT | | | Not Affected | [link](https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | -| Fujitsu | | | | Unknown | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| FusionAuth | FusionAuth | | | Not Affected | [link](https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | AIS Connect | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | Bean Connect | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | BS2000 Hardware | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | BS2000 Software | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | BX400 | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | BX900 MMB | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | eLux RP on FUTRO | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ETERNUS AB/HB | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ETERNUS CS800 | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ETERNUS CS8000 | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ETERNUS DX/AF | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ETERNUS JX | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ETERNUS LT140/260 | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ETERNUS LT20/40/60 | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ETERNUS SF | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ETERNUS SF MA | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | FlexFrame | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | INTELLIEGDLE A/G | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | iRMC on PRIMERGY | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ISM for PRIMERGY, PQ | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | NECoP | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | openFT | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | openSEAS | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | openUTM | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | openUTM (WebAdm.) | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | PRIMEFLEX for MS S2D | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | PTC Axeda (AIS Con.) | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | SBAX2 | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | SBAX3 | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | SecDocs | | | Fixed | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ServerView IM | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ServerView OM | | | Fixed | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ServerView OM/UM | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ServerView RAID | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ServerView Rem. Con. | | | Unknown | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | ServerView VIOM | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | SOA Pro. Mgmt. Service | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | SOA SysRollout Service | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | SVS Services for ISM | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | SVS UME + LinuxLife | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | SVS VMware Op. Mgr. | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | SVS VMware vCenter | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Fujitsu | Web Transactions | | | Not Affected | [link](https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| FusionAuth | All | | | Not Affected | [link](https://fusionauth.io/blog/2021/12/10/log4j-fusionauth/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | GE Digital | All | | | Unknown | [link](https://digitalsupport.ge.com/communities/en_US/Alert/GE-Security-Advisories) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | GE Digital Grid | All | | | Unknown | [link](https://digitalenergy.service-now.com/csm?id=kb_category&kb_category=b8bc715b879c89103f22a93e0ebb3585) | This advisory is available to customers only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | GE Gas Power | Asset Performance Management (APM) | | | Fixed | [link](https://www.ge.com/content/dam/cyber_security/global/en_US/pdfs/2022-01-21_GE_Gas_Power_Product_Security_Advisory-Log4J_Vulnerability_v3.pdf) | GE Digital has fixed the log4j issue on the APM. Validation and test completed in development environment and the team is currently deploying the fixes in the production environment. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 5335cba..b94a050 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -34779,9 +34779,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -34809,9 +34810,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 13-15 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 13 through 15 unaffected_versions: [] cve-2021-45046: investigated: false @@ -34838,9 +34839,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -34868,9 +34870,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 13-15 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 13 through 15 unaffected_versions: [] cve-2021-45046: investigated: false @@ -34898,9 +34900,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 13-15 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 13 through 15 unaffected_versions: [] cve-2021-45046: investigated: false @@ -34961,7 +34963,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 7.x-8.x + - 7.x - 8.x cve-2021-45046: investigated: false affected_versions: [] @@ -35259,8 +35261,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - 5.x (5.2.0 CF1 - - 5.1.0 CF-30 - 5.1.0 CF-33) + - 5.x + - 5.2.0 CF1 + - 5.1.0 CF-30 - 5.1.0 CF-33 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -35281,7 +35284,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: FAST LTA - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -35310,7 +35313,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fastly - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -35349,7 +35352,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - Unknown + - 340x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -35364,19 +35367,19 @@ software: unaffected_versions: [] vendor_links: - https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4 - notes: 'Note: FedEx is aware of the issue related to the Log4j Remote Code Execution + notes: Note - FedEx is aware of the issue related to the Log4j Remote Code Execution vulnerability affecting various Apache products. We are actively assessing the situation and taking necessary action as appropriate. As a result, we are temporarily unable to provide a link to download the FedEx Ship Manager software or generate product keys needed for registration of FedEx Ship Manager software. We are working to have this resolved as quickly as possible and apologize for the inconvenience. For related questions or the most updated information, customers should check - FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative.' + FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative. references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Fiix - product: Fiix CMMS Core + - vendor: FedEx + product: Ship Manager Software cves: cve-2021-4104: investigated: false @@ -35384,10 +35387,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: - - v5 + - '3509' unaffected_versions: [] cve-2021-45046: investigated: false @@ -35400,14 +35403,20 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 - notes: The product has been updated to Log4j version 2.15. An additional patch - is being developed to update to 2.16. No user interaction is required. + - https://www.fedex.com/en-us/shipping/ship-manager/software.html#tab-4 + notes: Note - FedEx is aware of the issue related to the Log4j Remote Code Execution + vulnerability affecting various Apache products. We are actively assessing the + situation and taking necessary action as appropriate. As a result, we are temporarily + unable to provide a link to download the FedEx Ship Manager software or generate + product keys needed for registration of FedEx Ship Manager software. We are + working to have this resolved as quickly as possible and apologize for the inconvenience. + For related questions or the most updated information, customers should check + FedEx Updates for Apache Log4j Issue or contact their Customer Technology representative. references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: FileCap - product: '' + - vendor: Fiix + product: Fiix CMMS Core cves: cve-2021-4104: investigated: false @@ -35415,9 +35424,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - v5 unaffected_versions: [] cve-2021-45046: investigated: false @@ -35430,13 +35440,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://mailchi.mp/3f82266e0717/filecap-update-version-511 - notes: '' + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: The product has been updated to Log4j version 2.15. An additional patch + is being developed to update to 2.16. No user interaction is required. This + advisory is available to customer only and has not been reviewed by CISA. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FileCatalyst - product: '' + last_updated: '2021-12-15T00:00:00' + - vendor: FileCap + product: Plugins cves: cve-2021-4104: investigated: false @@ -35444,10 +35456,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -35459,13 +35472,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.filecatalyst.com/index.php/Knowledgebase/Article/View/advisory-log4j-zero-day-security-vulnerability + - https://filecap.com/blog-posts/detecteer-log4shell-exploitatie-pogingen notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FileCloud - product: '' + - vendor: FileCap + product: Server cves: cve-2021-4104: investigated: false @@ -35473,9 +35486,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 5.1.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -35488,13 +35502,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.getfilecloud.com/supportdocs/display/cloud/Advisory+2021-12-2+Impact+of+Apache+Log4j2+Vulnerability+on+FileCloud+Customers + - https://filecap.com/blog-posts/detecteer-log4shell-exploitatie-pogingen notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FileWave - product: '' + - vendor: FileCatalyst + product: All cves: cve-2021-4104: investigated: false @@ -35517,13 +35531,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.filewave.com/display/KB/Security+Notice:+Apache+log4j+Vulnerability+CVE-2021-44228 + - https://support.filecatalyst.com/index.php/Knowledgebase/Article/View/advisory-log4j-zero-day-security-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FINVI - product: '' + - vendor: FileCloud + product: All cves: cve-2021-4104: investigated: false @@ -35546,13 +35560,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://finvi.com/support/ + - https://www.getfilecloud.com/supportdocs/display/cloud/Advisory+2021-12-2+Impact+of+Apache+Log4j2+Vulnerability+on+FileCloud+Customers notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FireDaemon - product: '' + - vendor: FileWave + product: All cves: cve-2021-4104: investigated: false @@ -35575,13 +35589,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.firedaemon.com/support/solutions/articles/4000178630 + - https://kb.filewave.com/display/KB/Security+Notice:+Apache+log4j+Vulnerability+CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fisher & Paykel Healthcare - product: '' + - vendor: FileZilla + product: All cves: cve-2021-4104: investigated: false @@ -35589,10 +35603,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -35604,13 +35619,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fphcare.com/us/our-company/contact-us/product-security/ + - https://forum.filezilla-project.org/viewtopic.php?f=6&t=54338 notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Flexagon - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FINVI + product: All cves: cve-2021-4104: investigated: false @@ -35633,13 +35648,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://flexagon.com/what-is-the-impact-of-log4j-vulnerability-cve-2021-44228-on-flexdeploy/ + - https://finvi.com/support/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Flexera - product: '' + - vendor: FireDaemon + product: All cves: cve-2021-4104: investigated: false @@ -35662,13 +35677,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.flexera.com/t5/Community-Notices/Flexera-s-response-to-Apache-Log4j-2-remote-code-execution/ba-p/216934 + - https://kb.firedaemon.com/support/solutions/articles/4000178630 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Forcepoint - product: DLP Manager + - vendor: Fisher & Paykel Healthcare + product: All cves: cve-2021-4104: investigated: false @@ -35676,10 +35691,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -35691,13 +35707,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + - https://www.fphcare.com/us/our-company/contact-us/product-security/ notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Forcepoint - product: Forcepoint Cloud Security Gateway (CSG) + last_updated: '2021-12-21T00:00:00' + - vendor: Flexagon + product: All cves: cve-2021-4104: investigated: false @@ -35720,13 +35736,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + - https://flexagon.com/what-is-the-impact-of-log4j-vulnerability-cve-2021-44228-on-flexdeploy/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Forcepoint - product: Next Generation Firewall (NGFW) + - vendor: Flexera + product: All cves: cve-2021-4104: investigated: false @@ -35749,14 +35765,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + - https://community.flexera.com/t5/Community-Notices/Flexera-s-response-to-Apache-Log4j-2-remote-code-execution/ba-p/216934 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint - product: Next Generation Firewall, NGFW VPN Client, Forcepoint User ID service - and Sidewinder + product: Advanced Malware Detection cves: cve-2021-4104: investigated: false @@ -35764,10 +35779,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -35780,12 +35796,13 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: '' + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint - product: One Endpoint + product: Behavioral Analytics cves: cve-2021-4104: investigated: false @@ -35809,12 +35826,13 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: '' + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Forcepoint - product: Security Manager (Web, Email and DLP) + product: Bitglass SSE cves: cve-2021-4104: investigated: false @@ -35822,10 +35840,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -35838,12 +35857,13 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: '' + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Forescout - product: '' + - vendor: Forcepoint + product: CASB cves: cve-2021-4104: investigated: false @@ -35866,13 +35886,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ForgeRock - product: Autonomous Identity + - vendor: Forcepoint + product: Cloud Security Gateway (CSG) cves: cve-2021-4104: investigated: false @@ -35880,10 +35901,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -35895,13 +35917,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://backstage.forgerock.com/knowledge/kb/book/b21824339#1_bzBa - notes: all other ForgeRock products Not vulnerable + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiAIOps + - vendor: Forcepoint + product: Content Gateway cves: cve-2021-4104: investigated: false @@ -35909,10 +35932,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -35924,13 +35948,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiAnalyzer + - vendor: Forcepoint + product: DDP/DUP/DPS cves: cve-2021-4104: investigated: false @@ -35953,13 +35978,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiAnalyzer Cloud + - vendor: Forcepoint + product: Directory Synchronization cves: cve-2021-4104: investigated: false @@ -35967,10 +35993,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -35982,13 +36009,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiAP + - vendor: Forcepoint + product: DLP Manager cves: cve-2021-4104: investigated: false @@ -35996,9 +36024,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36011,13 +36040,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiAuthenticator + - vendor: Forcepoint + product: Email Security cves: cve-2021-4104: investigated: false @@ -36025,10 +36055,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36040,13 +36071,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiCASB + - vendor: Forcepoint + product: Insider Threat cves: cve-2021-4104: investigated: false @@ -36054,10 +36086,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36069,13 +36102,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' - references: + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiConvertor + - vendor: Forcepoint + product: Next Generation Firewall (NGFW) cves: cve-2021-4104: investigated: false @@ -36083,10 +36117,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36098,13 +36133,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiDeceptor + - vendor: Forcepoint + product: NGFW Security Management Center cves: cve-2021-4104: investigated: false @@ -36112,9 +36148,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36127,13 +36164,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiEDR Agent + - vendor: Forcepoint + product: NGFW Virtual SMC Appliances cves: cve-2021-4104: investigated: false @@ -36141,9 +36179,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36156,13 +36195,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiEDR Cloud + - vendor: Forcepoint + product: NGFW VPN Client cves: cve-2021-4104: investigated: false @@ -36170,9 +36210,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36185,13 +36226,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiGate Cloud + - vendor: Forcepoint + product: One Endpoint cves: cve-2021-4104: investigated: false @@ -36199,10 +36241,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36214,13 +36257,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiGSLB Cloud + - vendor: Forcepoint + product: Security Manager (Web, Email and DLP) cves: cve-2021-4104: investigated: false @@ -36228,9 +36272,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36243,13 +36288,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiMail + - vendor: Forcepoint + product: Sidewinder cves: cve-2021-4104: investigated: false @@ -36257,9 +36303,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36272,13 +36319,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiManager + - vendor: Forcepoint + product: User ID service cves: cve-2021-4104: investigated: false @@ -36286,9 +36334,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36301,13 +36350,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiManager Cloud + - vendor: Forcepoint + product: Web Security cves: cve-2021-4104: investigated: false @@ -36330,13 +36380,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiNAC + - vendor: Forescout + product: All cves: cve-2021-4104: investigated: false @@ -36359,13 +36410,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 + - https://forescout.force.com/support/s/article/Important-security-information-related-to-Apache-Log4j-utility-CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fortinet - product: FortiNAC + - vendor: ForgeRock + product: Autonomous Identity cves: cve-2021-4104: investigated: false @@ -36373,9 +36424,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36388,13 +36440,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.fortiguard.com/psirt/FG-IR-21-245 - notes: '' + - https://backstage.forgerock.com/knowledge/kb/book/b21824339#1_bzBa + notes: All other ForgeRock products not affected. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiOS (includes FortiGate & FortiWiFi) + product: Autonomous Identity cves: cve-2021-4104: investigated: false @@ -36402,9 +36454,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36423,7 +36476,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiPhish Cloud + product: FortiADC cves: cve-2021-4104: investigated: false @@ -36431,10 +36484,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36452,7 +36506,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiPolicy + product: FortiAI cves: cve-2021-4104: investigated: false @@ -36460,10 +36514,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36481,7 +36536,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiPortal + product: FortiAIOps cves: cve-2021-4104: investigated: false @@ -36489,9 +36544,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 1.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -36510,7 +36566,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiRecorder + product: FortiAnalyzer cves: cve-2021-4104: investigated: false @@ -36518,10 +36574,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36539,7 +36596,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiSIEM + product: FortiAnalyzer Big Cloud cves: cve-2021-4104: investigated: false @@ -36547,9 +36604,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 6.4.7 + - 7.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -36568,7 +36627,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiSOAR + product: FortiAnalyzer Cloud cves: cve-2021-4104: investigated: false @@ -36576,10 +36635,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36597,7 +36657,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiSwicth Cloud in FortiLANCloud + product: FortiAP cves: cve-2021-4104: investigated: false @@ -36605,10 +36665,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36626,7 +36687,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiSwitch & FortiSwitchManager + product: FortiAuthenticator cves: cve-2021-4104: investigated: false @@ -36634,10 +36695,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36655,7 +36717,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiToken Cloud + product: FortiCache cves: cve-2021-4104: investigated: false @@ -36663,10 +36725,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36684,7 +36747,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiVoice + product: FortiCarrier cves: cve-2021-4104: investigated: false @@ -36692,10 +36755,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36713,7 +36777,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiWeb Cloud + product: FortiCASB cves: cve-2021-4104: investigated: false @@ -36721,9 +36785,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -36742,7 +36807,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: ShieldX + product: FortiClient cves: cve-2021-4104: investigated: false @@ -36750,10 +36815,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36770,8 +36836,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: FTAPI - product: '' + - vendor: Fortinet + product: FortiClient Cloud cves: cve-2021-4104: investigated: false @@ -36779,10 +36845,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -36794,16 +36861,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/# + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Fuji Electric - product: MONITOUCH TS1000 series + - vendor: Fortinet + product: FortiClient EMS cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -36812,28 +36879,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + - https://www.fortiguard.com/psirt/FG-IR-21-245 notes: '' references: - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Fuji Electric - product: MONITOUCH TS1000S series + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiConnect cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -36842,28 +36909,2429 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiConverter Portal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiCWP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiDDoS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiDDoS-F + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiDeceptor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiEDR Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiEDR Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiExtender Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiGate Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiGSLB Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiInsight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiIsolator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2.3.4 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiLAN Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiMail + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiManager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiManager Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiMonitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiNAC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiOS (includes FortiGate & FortiWiFi) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPenTest + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPhish Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPolicy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPortal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiPresence + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiProxy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiRecorder + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSandbox + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSASE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSIEM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSOAR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSwitch & FortiSwitchManager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiSwitch Cloud in FortiLANCloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiTester + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiToken Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiVoice + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiWeb Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiWLC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: FortiWLM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fortinet + product: ShieldX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.fortiguard.com/psirt/FG-IR-21-245 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: FTAPI + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ftapi.com/blog/kritische-sicherheitslucke-in-log4j-ftapi-reagiert/# + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS1000S series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH TS2000 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V8 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH V9 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: MONITOUCH X1 series + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: TELLUS and V-Server + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Version 3 + - Version 4 + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fuji Electric + product: V-SFT + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Version 5 + - Version 6 + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + notes: '' + references: + - '' + last_updated: '2022-02-02T00:00:00' + - vendor: Fujitsu + product: AIS Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: Bean Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: BS2000 Hardware + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: BS2000 Software + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: BX400 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: BX900 MMB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: eLux RP on FUTRO + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS AB/HB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS CS800 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS CS8000 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS DX/AF + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS JX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS LT140/260 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS LT20/40/60 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS SF + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ETERNUS SF MA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: FlexFrame + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: INTELLIEGDLE A/G + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: iRMC on PRIMERGY + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ISM for PRIMERGY, PQ + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: NECoP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: openFT + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: openSEAS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: openUTM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: openUTM (WebAdm.) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: PRIMEFLEX for MS S2D + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: PTC Axeda (AIS Con.) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SBAX2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SBAX3 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SecDocs + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView IM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf notes: '' references: - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Fuji Electric - product: MONITOUCH TS2000 series + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView OM cves: cve-2021-4104: - investigated: '' + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView OM/UM + cves: + cve-2021-4104: + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -36872,28 +39340,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf notes: '' references: - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Fuji Electric - product: MONITOUCH V8 series + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView RAID cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -36902,28 +39370,57 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf notes: '' references: - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Fuji Electric - product: MONITOUCH V9 series + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView Rem. Con. cves: cve-2021-4104: - investigated: '' + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: ServerView VIOM + cves: + cve-2021-4104: + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -36932,28 +39429,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf notes: '' references: - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Fuji Electric - product: MONITOUCH X1 series + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SOA Pro. Mgmt. Service cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -36962,28 +39459,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf notes: '' references: - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Fuji Electric - product: TELLUS and V-Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SOA SysRollout Service cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -36992,29 +39489,28 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Version 3 - - Version 4 + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf notes: '' references: - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Fuji Electric - product: V-SFT + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SVS Services for ISM cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -37023,26 +39519,85 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Version 5 - - Version 6 + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://monitouch.fujielectric.com/site/download-e/other/NVD%20CVE-2021-44228_en.pdf + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf notes: '' references: - '' - last_updated: '2022-02-02T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fujitsu - product: '' + product: SVS UME + LinuxLife + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SVS VMware Op. Mgr. + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: SVS VMware vCenter cves: cve-2021-4104: investigated: false @@ -37050,10 +39605,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.ts.fujitsu.com/ProductSecurity/content/Fujitsu-PSIRT-PSS-IS-2021-121000-Security-Notice-SF.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Fujitsu + product: Web Transactions + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -37071,7 +39657,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: FusionAuth - product: FusionAuth + product: All cves: cve-2021-4104: investigated: false diff --git a/data/cisagov_F.yml b/data/cisagov_F.yml index 148d3f3..37e960c 100644 --- a/data/cisagov_F.yml +++ b/data/cisagov_F.yml @@ -46,7 +46,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '13 through 15' + - 13 through 15 unaffected_versions: [] cve-2021-45046: investigated: false @@ -106,7 +106,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '13 through 15' + - 13 through 15 unaffected_versions: [] cve-2021-45046: investigated: false @@ -136,7 +136,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '13 through 15' + - 13 through 15 unaffected_versions: [] cve-2021-45046: investigated: false @@ -167,7 +167,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '11.x - 16.x' + - 11.x - 16.x cve-2021-45046: investigated: false affected_versions: [] @@ -197,7 +197,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '7.x - 8.x' + - 7.x - 8.x cve-2021-45046: investigated: false affected_versions: [] @@ -227,7 +227,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '1.x' + - 1.x cve-2021-45046: investigated: false affected_versions: [] @@ -257,7 +257,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '3.x' + - 3.x cve-2021-45046: investigated: false affected_versions: [] @@ -287,7 +287,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '3.x' + - 3.x cve-2021-45046: investigated: false affected_versions: [] @@ -317,7 +317,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '1.x - 2.x' + - 1.x - 2.x cve-2021-45046: investigated: false affected_versions: [] @@ -347,7 +347,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '1.x' + - 1.x cve-2021-45046: investigated: false affected_versions: [] @@ -377,7 +377,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '1.x' + - 1.x cve-2021-45046: investigated: false affected_versions: [] @@ -407,7 +407,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'R19 - R25' + - R19 - R25 cve-2021-45046: investigated: false affected_versions: [] @@ -437,7 +437,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '1.x' + - 1.x cve-2021-45046: investigated: false affected_versions: [] @@ -467,7 +467,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '1.x' + - 1.x cve-2021-45046: investigated: false affected_versions: [] @@ -495,9 +495,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - '5.x' - - '5.2.0 CF1' - - '5.1.0 CF-30 - 5.1.0 CF-33' + - 5.x + - 5.2.0 CF1 + - 5.1.0 CF-30 - 5.1.0 CF-33 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -586,7 +586,7 @@ software: cve-2021-44228: investigated: false affected_versions: - - '340x' + - 340x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -661,7 +661,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'v5' + - v5 unaffected_versions: [] cve-2021-45046: investigated: false @@ -723,7 +723,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '5.1.3' + - 5.1.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1030,7 +1030,8 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -1059,7 +1060,8 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -1089,7 +1091,8 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -1118,7 +1121,8 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -1148,7 +1152,8 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -1178,7 +1183,8 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -1207,7 +1213,8 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -1237,7 +1244,8 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -1267,7 +1275,8 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -1297,7 +1306,8 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -1327,7 +1337,8 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -1357,7 +1368,8 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -1387,7 +1399,8 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -1417,7 +1430,8 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -1447,7 +1461,8 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -1477,7 +1492,8 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -1507,7 +1523,8 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -1537,7 +1554,8 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -1567,7 +1585,8 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -1596,7 +1615,8 @@ software: unaffected_versions: [] vendor_links: - https://support.forcepoint.com/s/login/?ec=302&startURL=%2Fs%2F - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -1761,7 +1781,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.0.2' + - 1.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1821,8 +1841,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - '6.4.7' - - '7.0.2' + - 6.4.7 + - 7.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2482,7 +2502,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '2.3.4' + - 2.3.4 unaffected_versions: [] cve-2021-45046: investigated: false @@ -3041,7 +3061,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiSwitch Cloud in FortiLANCloud + product: FortiSwitch & FortiSwitchManager cves: cve-2021-4104: investigated: false @@ -3071,7 +3091,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Fortinet - product: FortiSwitch & FortiSwitchManager + product: FortiSwitch Cloud in FortiLANCloud cves: cve-2021-4104: investigated: false From 4c0590544d8f8bc283303fa640c7adcc808ba470 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 7 Feb 2022 15:50:56 -0500 Subject: [PATCH 185/268] Add Paesslet, Update Palantir products --- data/cisagov_P.yml | 68 ++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 66 insertions(+), 2 deletions(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index 25aa4c8..43872f2 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -4,8 +4,38 @@ owners: - name: cisagov url: https://github.com/cisagov/log4j-affected-db software: + - vendor: Paessler + product: PRTG + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.rundeck.com/docs/history/CVEs/#log4shell-cves + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' - vendor: PagerDuty - product: PagerDuty SaaS + product: PagerDuty Rundeck cves: cve-2021-4104: investigated: false @@ -13,10 +43,44 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '3.3+' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://support.pagerduty.com/docs/pagerduty-log4j-zero-day-vulnerability + notes: We currently see no evidence of compromises on our platform. Our teams + continue to monitor for new developments and for impacts on sub-processors and + dependent systems. PagerDuty SaaS customers do not need to take any additional + action for their PagerDuty SaaS environment. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: PagerDuty + product: PagerDuty SaaS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -48,7 +112,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - All + - 'All' unaffected_versions: [] cve-2021-45046: investigated: false From 92ec811f7ed83543ecaf1fe4815b5a99ab6b6bb1 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 7 Feb 2022 16:02:21 -0500 Subject: [PATCH 186/268] Update Palo-Alto products --- data/cisagov_P.yml | 178 ++++++++++++++++++++++++++++++++++++--------- 1 file changed, 143 insertions(+), 35 deletions(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index 43872f2..6e4e3fe 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -234,10 +234,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -263,10 +264,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -292,10 +294,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -321,10 +324,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -350,10 +354,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -379,10 +384,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Exact Data Matching CLI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '1.2' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -408,10 +444,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -437,10 +474,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -466,10 +504,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -495,10 +534,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Palo-Alto Networks-DB Private Cloud + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -524,10 +594,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -554,11 +625,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '9.0' - - '9.1' - - '10.0' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '9.0.15' + - '9.1.12-h3' + - '10.0.8-h8' unaffected_versions: [] cve-2021-45046: investigated: false @@ -587,10 +658,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -616,10 +688,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -645,10 +718,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Prisma SD-WAN (CloudGenix) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -674,10 +778,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -703,10 +808,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -732,10 +838,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -761,10 +868,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From b0c20b122b6c342d14a1c43adc88c0289305cedf Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 7 Feb 2022 16:09:28 -0500 Subject: [PATCH 187/268] Add Papercut products --- data/cisagov_P.yml | 228 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 220 insertions(+), 8 deletions(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index 6e4e3fe..4822313 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -1430,7 +1430,7 @@ software: - '' last_updated: '2022-01-20T00:00:00' - vendor: Panopto - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1458,6 +1458,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PaperCut + product: PaperCut Hive + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' - vendor: PaperCut product: PaperCut MF cves: @@ -1483,13 +1513,73 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.papercut.com/support/known-issues/?id=PO-684#ng + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted by this. Workaround manual steps available in reference. Upgrade to PaperCut NG/MF version 21.2.3 Now Available to resolve. references: - '' last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut MobilityPrint + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut MultiVerse + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' - vendor: PaperCut product: PaperCut NG cves: @@ -1515,15 +1605,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.papercut.com/support/known-issues/?id=PO-684#ng + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted by this. Workaround manual steps available in reference. Upgrade to PaperCut NG/MF version 21.2.3 Now Available to resolve. references: - '' last_updated: '2021-12-16T00:00:00' - - vendor: Parallels - product: '' + - vendor: PaperCut + product: PaperCut Online Services cves: cve-2021-4104: investigated: false @@ -1531,10 +1621,131 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut Pocket + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut Print Logger + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut Views + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Parallels + product: Remote Application Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -1552,7 +1763,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Parse.ly - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1589,10 +1800,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From 96ea96a11a728324ef900e3ef4eb2c657a0d6f24 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 7 Feb 2022 16:14:39 -0500 Subject: [PATCH 188/268] Add PDX, Personio, etc. --- data/cisagov_P.yml | 102 ++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 96 insertions(+), 6 deletions(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index 4822313..df00c13 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -1822,8 +1822,8 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: Pega - product: '' + - vendor: PDQ + product: Deploy cves: cve-2021-4104: investigated: false @@ -1846,13 +1846,73 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability + - https://www.pdq.com/blog/log4j-vulnerability-cve-2021-44228/?utm_content=190941012&utm_medium=social&utm_source=twitter&hss_channel=tw-90432152 notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: PDQ + product: Inventory + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pdq.com/blog/log4j-vulnerability-cve-2021-44228/?utm_content=190941012&utm_medium=social&utm_source=twitter&hss_channel=tw-90432152 + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Pega + product: Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '7.3.x - 8.6.x' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability + notes: Hotfixes made available for registered customers by Pega. When using Stream nodes, + the embedded Kafka instances require a separate hotfix to be installed. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Pentaho - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1881,7 +1941,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Pepperl+Fuchs - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1910,7 +1970,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Percona - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1938,6 +1998,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Personio + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://status.personio.de/incidents/kn4c6mf6lpdv + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Pexip product: '' cves: From 26bb2108ef60b6bd54b9f45231cbbc5b0f3fa5a5 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 7 Feb 2022 16:21:01 -0500 Subject: [PATCH 189/268] Add Pexip products --- data/cisagov_P.yml | 245 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 243 insertions(+), 2 deletions(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index df00c13..4f73194 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -2029,7 +2029,217 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Pexip - product: '' + product: Endpoint Activation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Eptools + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Infinity + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Infinity Connect Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Microsoft Teams Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: My Meeting Video + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Reverse Proxy and TURN Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Service cves: cve-2021-4104: investigated: false @@ -2037,10 +2247,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'All' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: VMR Self-Service Portal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -2058,7 +2299,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Phenix Id - product: '' + product: All cves: cve-2021-4104: investigated: false From 11ef0d7d70b6c1fe7c0e76b5f4adea522f635b4b Mon Sep 17 00:00:00 2001 From: 00gh <00gh> Date: Fri, 4 Feb 2022 23:27:02 +0100 Subject: [PATCH 190/268] Removed incorrect usage of escape codes in yml. The incorrect escape codes are removed. This will also result in the removal of (incorrect) escape codes in the generated markdown file. --- data/cisagov_G.yml | 2 +- data/cisagov_S.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/data/cisagov_G.yml b/data/cisagov_G.yml index 65b7c07..394687e 100644 --- a/data/cisagov_G.yml +++ b/data/cisagov_G.yml @@ -4365,7 +4365,7 @@ software: unaffected_versions: [] vendor_links: - https://cloud.google.com/log4j2-security-advisory - notes: \Looker-hosted instances have been updated to a Looker version with Log4j v2.16. + notes: Looker-hosted instances have been updated to a Looker version with Log4j v2.16. Looker is currently working with third-party driver vendors to evaluate the impact of the Log4j vulnerability. As Looker does not enable logging for these drivers in Looker-hosted instances, no messages are logged. We conclude that diff --git a/data/cisagov_S.yml b/data/cisagov_S.yml index 7b7bf71..97fbbe5 100644 --- a/data/cisagov_S.yml +++ b/data/cisagov_S.yml @@ -3753,7 +3753,7 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: The vulnerability will be patch/mitigated in upcoming releases\patches. + notes: The vulnerability will be patch/mitigated in upcoming releases/patches. references: - '' last_updated: '2021-12-22T00:00:00' From 2ab22b01c332bbaa67d970bc166776d59cb7d2b5 Mon Sep 17 00:00:00 2001 From: Cassio Goldschmidt Date: Mon, 7 Feb 2022 22:48:07 -0800 Subject: [PATCH 191/268] Update cisagov_S.yml Servicetitan.com status update --- data/cisagov_S.yml | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/data/cisagov_S.yml b/data/cisagov_S.yml index 7b7bf71..90a274e 100644 --- a/data/cisagov_S.yml +++ b/data/cisagov_S.yml @@ -2642,6 +2642,38 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ServiceTitan + product: ServiceTitan + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + vendor_links: + - https://security.servicetitan.com/ + notes: '' + references: + - '' + last_updated: '2022-02-07T00:00:00' - vendor: Shibboleth product: '' cves: From 725cdd8ad327a28efd82c577e3356f408298555f Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Tue, 8 Feb 2022 13:09:20 +0000 Subject: [PATCH 192/268] Update the software list --- SOFTWARE-LIST.md | 4 ++-- data/cisagov.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index b622af4..780c982 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -1490,7 +1490,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Google Cloud | Human-in-the-Loop AI | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Google Cloud | IoT Core | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Google Cloud | Key Access Justifications (KAJ) | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Google Cloud | Looker | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | \Looker-hosted instances have been updated to a Looker version with Log4j v2.16. Looker is currently working with third-party driver vendors to evaluate the impact of the Log4j vulnerability. As Looker does not enable logging for these drivers in Looker-hosted instances, no messages are logged. We conclude that the vulnerability is mitigated. We continue to actively work with the vendors to deploy a fix for these drivers. Looker customers who self-manage their Looker instances have received instructions through their technical contacts on how to take the necessary steps to address the vulnerability. Looker customers who have questions or require assistance, please visit Looker Support. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | +| Google Cloud | Looker | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Looker-hosted instances have been updated to a Looker version with Log4j v2.16. Looker is currently working with third-party driver vendors to evaluate the impact of the Log4j vulnerability. As Looker does not enable logging for these drivers in Looker-hosted instances, no messages are logged. We conclude that the vulnerability is mitigated. We continue to actively work with the vendors to deploy a fix for these drivers. Looker customers who self-manage their Looker instances have received instructions through their technical contacts on how to take the necessary steps to address the vulnerability. Looker customers who have questions or require assistance, please visit Looker Support. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-18 | | Google Cloud | Media Translation API | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Google Cloud | Memorystore | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | | Google Cloud | Migrate for Anthos | | | Not Affected | [link](https://cloud.google.com/log4j2-security-advisory) | Product does not use Log4j 2 and is not impacted by the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | @@ -2903,7 +2903,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Siemens Healthineers | Somatom Emotion Som5 VC50 | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | evaluation ongoing | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Siemens Healthineers | Somatom Scope Som5 VC50 | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | evaluation ongoing | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Siemens Healthineers | Syngo Carbon Space VA10A / VA10A-CUT2 / VA20A | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: remove the vulnerable class from the .jar file | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Siemens Healthineers | Syngo MobileViewer VA10A | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | The vulnerability will be patch/mitigated in upcoming releases\patches. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Siemens Healthineers | Syngo MobileViewer VA10A | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | The vulnerability will be patch/mitigated in upcoming releases/patches. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Siemens Healthineers | syngo Plaza VB20A / VB20A_HF01 - HF07 / VB30A / VB30A_HF01 / VB30A_HF02 / VB30B / VB30C / VB30C_HF01 - HF06 / VB30C_HF91 | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: remove the vulnerable class from the .jar file | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Siemens Healthineers | syngo Workflow MLR VB37A / VB37A_HF01 / VB37A_HF02 / VB37B / VB37B_HF01 - HF07 / VB37B_HF93 / VB37B_HF94 / VB37B_HF96 | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Please contact your Customer Service to get support on mitigating the vulnerability. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Siemens Healthineers | syngo.via VB20A / VB20A_HF01 - HF08 / VB20A_HF91 / VB20B / VB30A / VB30A_HF01 - VB30A_HF08 / VB30A_HF91VB30B / VB30B_HF01 / VB40A / VB40A_HF01 - HF02 /VB40B / VB40B_HF01 - HF05 / VB50A / VB50A_CUT / VB50A_D4VB50B / VB50B_HF01 - HF03 / VB60A / VB60A_CUT / VB60A_D4 / VB60A_HF01 | | | Unknown | [link](https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228) | Workaround: remove the vulnerable class from the .jar file | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | diff --git a/data/cisagov.yml b/data/cisagov.yml index b94a050..3c5a1cc 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -44047,7 +44047,7 @@ software: unaffected_versions: [] vendor_links: - https://cloud.google.com/log4j2-security-advisory - notes: \Looker-hosted instances have been updated to a Looker version with Log4j v2.16. + notes: Looker-hosted instances have been updated to a Looker version with Log4j v2.16. Looker is currently working with third-party driver vendors to evaluate the impact of the Log4j vulnerability. As Looker does not enable logging for these drivers in Looker-hosted instances, no messages are logged. We conclude that @@ -85927,7 +85927,7 @@ software: unaffected_versions: [] vendor_links: - https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/cve-2021-44228 - notes: The vulnerability will be patch/mitigated in upcoming releases\patches. + notes: The vulnerability will be patch/mitigated in upcoming releases/patches. references: - '' last_updated: '2021-12-22T00:00:00' From 304fc1599cfc1d13b1a9a183e205f844d66ffc3d Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 8 Feb 2022 09:16:48 -0500 Subject: [PATCH 193/268] Add Philips products --- data/cisagov_P.yml | 544 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 541 insertions(+), 3 deletions(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index 4f73194..fcde93c 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -2328,7 +2328,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Philips - product: Multiple products + product: Event Analytics (All VUE PACS Versions) cves: cve-2021-4104: investigated: false @@ -2336,10 +2336,104 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - 'All' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: '' + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: HealthSuite Marketplace + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '1.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Philips hosting environment has deployed a patch. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: IntelliBridge Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'B.13' + - 'B.15' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. + For products solutions where the server was provided it is customer + responsibility to validate and deploy patches. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: IntelliSite Pathology Solution 5.1 + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'L1' + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2351,11 +2445,455 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.philips.com/a-w/security/security-advisories.html + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: IntelliSpace Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'v11 and above' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. + For products solutions where the server was provided by Philips, it + will be Philips responsibility to validate and provide patches. + Information or patch available in Inleft. Please contact your + local service support team. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: IntelliSpace PACS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Philips hosting environment is evaluating the VMware provided workaround and + in the process of deploying for managed service customers. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: IntelliSpace Portal Server/workstation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'v9 and above' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. + For products solutions where the server was provided by Philips, it + will be Philips responsibility to validate and provide patches. Information + or patch available in Inleft. Please contact your local service support team. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Pathology De-identifier 1.0 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'L1' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: '' + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Performance Bridge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '2.0 with Practice' + - '3.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. + For products solutions where the server was provided by Philips, it + will be Philips responsibility to validate and provide patches. + Information or patch available in Inleft. Please contact your local + service support team. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Pinnacle + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '18.x' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: '' + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Protocol Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '1.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. + For products solutions where the server was provided by Philips, it + will be Philips responsibility to validate and provide patches. + Information or patch available in Inleft. Please contact your local + service support team. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Protocol Applications + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '1.1' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. + For products solutions where the server was provided by Philips, it + will be Philips responsibility to validate and provide patches. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Report Analytics (All VUE PACS Versions) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'All' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: '' + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: RIS Clinic + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: '' + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Scanner Protocol Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '1.1' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. + For products solutions where the server was provided by Philips, it + will be Philips responsibility to validate and provide patches. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Tasy EMR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. + For products solutions where the server was provided by Philips, it + will be Philips responsibility to validate and provide patches. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Univeral Data Manager (UDM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Philips hosting environment is evaluating the VMware provided workaround + and in the process of deploying for managed service customers. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: VuePACS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '12.2.8' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: '' + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' - vendor: PHOENIX CONTACT product: Cloud Services cves: From 69788d2b553ed682930e8d24617c09feb4020a6c Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 8 Feb 2022 09:19:49 -0500 Subject: [PATCH 194/268] Remove tab for note, Philips --- data/cisagov_P.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index fcde93c..d5a6fc0 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -2859,7 +2859,7 @@ software: unaffected_versions: [] vendor_links: - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive - notes: Philips hosting environment is evaluating the VMware provided workaround + notes: Philips hosting environment is evaluating the VMware provided workaround and in the process of deploying for managed service customers. references: - '' From 0a11b7cded361d06cca7c9be5847fe4e912344a2 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 8 Feb 2022 09:28:49 -0500 Subject: [PATCH 195/268] Update Phoenix Contact, Ping Identity --- data/cisagov_P.yml | 72 +++++++++++++++++++++++++--------------------- 1 file changed, 39 insertions(+), 33 deletions(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index d5a6fc0..7c83b8b 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -2903,9 +2903,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2918,8 +2919,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf - notes: Partly affected. Remediations are being implemented. + - https://www.phoenixcontact.com/online/portal/pc?1dmy&urile=wcm:path:/pcen/web/offcontext/insite_landing_pages/a7217e47-af46-4c7b-a748-3b6bf94a30a0/a7217e47-af46-4c7b-a748-3b6bf94a30a0 + notes: Cloud Services were either not vulnerable or are completely fixed. No exploits observed. references: - '' last_updated: '2021-12-22T00:00:00' @@ -2932,10 +2933,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2947,7 +2949,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf + - https://www.phoenixcontact.com/online/portal/pc?1dmy&urile=wcm:path:/pcen/web/offcontext/insite_landing_pages/a7217e47-af46-4c7b-a748-3b6bf94a30a0/a7217e47-af46-4c7b-a748-3b6bf94a30a0 notes: '' references: - '' @@ -2961,10 +2963,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2976,7 +2979,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf + - https://www.phoenixcontact.com/online/portal/pc?1dmy&urile=wcm:path:/pcen/web/offcontext/insite_landing_pages/a7217e47-af46-4c7b-a748-3b6bf94a30a0/a7217e47-af46-4c7b-a748-3b6bf94a30a0 notes: '' references: - '' @@ -2991,9 +2994,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.0 <= version <= 6.3.2 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '4.0 <= version <= 6.3.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3020,9 +3023,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3050,9 +3054,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.0 <= version <= 10.3.4 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '8.0 <= version <= 10.3.4' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3080,9 +3084,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 2.7.2 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '< 2.7.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3110,9 +3114,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 4.3.1 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '< 4.3.1' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3139,9 +3143,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3160,7 +3165,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Pitney Bowes - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -3189,7 +3194,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Planmeca - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -3218,7 +3223,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Planon Software - product: '' + product: Planon Universe cves: cve-2021-4104: investigated: false @@ -3226,10 +3231,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -3248,7 +3254,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Platform.SH - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -3277,7 +3283,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Plesk - product: '' + product: All cves: cve-2021-4104: investigated: false From 38e9365214e0fb6d6f6b959348c707818d3371a0 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 8 Feb 2022 11:30:04 -0500 Subject: [PATCH 196/268] Add Polycom products --- data/cisagov_P.yml | 161 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 156 insertions(+), 5 deletions(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index 7c83b8b..b1a00c7 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -3320,10 +3320,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: This advisory is available to customer only and has not been reviewed by CISA. + Mitigation already applied, patch available. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Plex + product: Plex Media Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3336,13 +3368,101 @@ software: unaffected_versions: [] vendor_links: - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 - notes: The product has been updated to Log4j version 2.15. An additional patch - is being developed to update to 2.16. No user interaction is required. + notes: This advisory is available to customer only and has not been reviewed by CISA. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Polycom - product: '' + product: Cloud Relay (OTD and RealConnect hybrid use case) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Polycom + product: Poly Clariti Core/Edge (a.k.a. DMA/CCE) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '9.0 and above' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Polycom + product: Poly Clariti Relay + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '1.0.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Polycom + product: Poly RealConnect for Microsoft Teams and Skype for Business cves: cve-2021-4104: investigated: false @@ -3350,10 +3470,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Polycom + product: RealAccess + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3371,7 +3522,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Portainer - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -3400,7 +3551,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: PortSwigger - product: '' + product: All cves: cve-2021-4104: investigated: false From 8987f4bfddcb75bafb2ee746e073683875a6d4c4 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 8 Feb 2022 11:38:55 -0500 Subject: [PATCH 197/268] Add PowerDNS products --- data/cisagov_P.yml | 150 +++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 137 insertions(+), 13 deletions(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index b1a00c7..b7bae02 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -3579,8 +3579,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PostGreSQL - product: '' + - vendor: Postgres + product: PostgreSQL JDBC cves: cve-2021-4104: investigated: false @@ -3588,10 +3588,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3609,7 +3610,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Postman - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -3650,7 +3651,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - NONE + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3661,7 +3662,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.poweradmin.com/blog/solarwinds-hack-our-safety-measures/ notes: '' references: - '' @@ -3679,7 +3681,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - NONE + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3690,7 +3692,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.poweradmin.com/blog/solarwinds-hack-our-safety-measures/ notes: '' references: - '' @@ -3708,7 +3711,97 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - NONE + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.poweradmin.com/blog/solarwinds-hack-our-safety-measures/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PowerDNS + product: dnsdist + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.powerdns.com/2021/12/16/powerdns-and-log4j-log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PowerDNS + product: metronome + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.powerdns.com/2021/12/16/powerdns-and-log4j-log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PowerDNS + product: PowerDNS Authoritative Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3719,13 +3812,44 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://blog.powerdns.com/2021/12/16/powerdns-and-log4j-log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PowerDNS + product: PowerDNS Recursor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.powerdns.com/2021/12/16/powerdns-and-log4j-log4shell/ notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - vendor: Pretix - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -3754,7 +3878,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: PrimeKey - product: '' + product: All cves: cve-2021-4104: investigated: false From 06543934021f6c4585c437d808dce69c00a8ea19 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 8 Feb 2022 11:58:15 -0500 Subject: [PATCH 198/268] Add Proofpoint products --- data/cisagov_P.yml | 1043 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 1032 insertions(+), 11 deletions(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index b7bae02..5488b4b 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -3906,8 +3906,758 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Progress / IpSwitch - product: '' + - vendor: Procentec (HMS Group) + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://mailchi.mp/procentec.com/security_message + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Progress + product: DataDirect Hybrid Data Pipeline + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledgebase.progress.com/articles/Knowledge/Is-Hybrid-Data-Pipeline-vulnerable-CVE-2021-44228-Log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Progress + product: OpenEdge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledgebase.progress.com/articles/Knowledge/Is-Hybrid-Data-Pipeline-vulnerable-CVE-2021-44228-Log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ProofPoint + product: Archiving Appliance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Archiving Backend + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Cloud App Security Broker + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Cloudmark Cloud/Cloudmark Hybrid + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Cloudmark On-Premise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Compliance Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Content Patrol + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Data Discover + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: DLP Core Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Email Community + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Email Fraud Defense (EFD) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Email Protecton OnDemand (PoD), including Email DLP and Email Encryption + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Email Security Relay + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Endpoint DLP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Essentials Archive + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Essentials Email + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Insiders Threat Management On-Premise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Insider Threat Management Saas + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Isolation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: ITM Saas Endpoint Agents + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Mail Protection On-Premise (PPS), including Email DLP and Email Encryption + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Meta/ZTNA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Nexus People Risk Explorer cves: cve-2021-4104: investigated: false @@ -3915,10 +4665,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Secure Email Relay + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3930,13 +4711,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.progress.com/security + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2022-01-26T07:18:50+00:00' - vendor: ProofPoint - product: '' + product: Secure Share cves: cve-2021-4104: investigated: false @@ -3944,10 +4725,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Security Awareness Training + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3959,14 +4771,223 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://proofpointcommunities.force.com/community/s/article/Proofpoint-Statement-Regarding-CVE-2021-44228-Java-logging-package-log4j2 - notes: This advisory is available for customers only and has not been reviewed - by CISA + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Sentrion + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Social Discover + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Social Patrol + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Targeted Attack Protection (TAP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Threat Response (TRAP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Web Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Web Security + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' - vendor: ProSeS - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -3995,7 +5016,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Prosys - product: '' + product: All cves: cve-2021-4104: investigated: false From b0dddc34f62f06f21a649decab68bfaa9419034a Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 8 Feb 2022 12:25:50 -0500 Subject: [PATCH 199/268] Add PTC products --- data/cisagov_P.yml | 1214 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 1195 insertions(+), 19 deletions(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index 5488b4b..3d6a6ee 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -5045,7 +5045,37 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Proxmox - product: '' + product: Backup Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Proxmox + product: Mail Gateway cves: cve-2021-4104: investigated: false @@ -5053,10 +5083,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Proxmox + product: VE + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5074,7 +5135,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: PRTG Paessler - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5103,7 +5164,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: PTC - product: Axeda Platform + product: ACA Client cves: cve-2021-4104: investigated: false @@ -5112,10 +5173,40 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.9.2 + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Adapter Toolkit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5133,7 +5224,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: PTC - product: ThingsWorx Analytics + product: AdaWorld cves: cve-2021-4104: investigated: false @@ -5142,14 +5233,100 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '8.5' - - '9.0' - - '9.1' - - '9.2' - - All supported versions + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ApexAda + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Arbortext Editor, Styler, and Publishing Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>8.0.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Arena + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5161,13 +5338,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ptc.com/en/support/article/CS358901 + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Axeda + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 notes: '' references: - '' last_updated: '2021-12-17T00:00:00' - vendor: PTC - product: ThingsWorx Platform + product: Axeda Platform cves: cve-2021-4104: investigated: false @@ -5177,13 +5384,982 @@ software: cve-2021-44228: investigated: true affected_versions: - - '8.5' - - '9.0' - - '9.1' - - '9.2' - - All supported versions + - 6.9.2 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Creo Elements/Direct Model Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Creo Parametric + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Creo View + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Flexnet License Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: FlexPLM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '12.0.2.2 (CPS03)' + - '12.0.2.3' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: FlexPLM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '<= 11.1 M020' + - '11.2.1' + - '12.0.0' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: FlexPLM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '12.0.2.0 (CPS01 and CPS02)' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Implementer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Intellicus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=19.1 SP11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: OnShape + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Servigistics Service Parts Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '12.1' + - '12.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Servigistics Service Parts Pricing + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '12.1' + - '12.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Advisor Apps + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Agents + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '8.5' + - '9.0' + - '9.1' + - '9.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx DPM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Extensions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Flow + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '8.5' + - '9.0' + - '9.1' + - '9.2' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Kepware + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '<=1.3' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Manufacturing Apps + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Navigate + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '9.1' + - '9.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Ping Federate Integration + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=9.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=8.5.7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Platform High Availability + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '9.0' + - '9.1' + - '9.2' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: WCTK + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill PDMLink + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '12.0.2.2 (CPS03)' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill PDMLink + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '12.0.2.0 (CPS01 & CPS02)' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill PDMLink + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '<=11.2 M020' + - '11.2.1' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill Performance Advisor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill Rest Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill RV&S(Integrity Lifcycle Manager) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '4.6/8.6 4.6 SP0 to 12.5' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill Workgroup Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From a9542865ad3761b33b720b25a7995c2d926c9700 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 8 Feb 2022 12:58:06 -0500 Subject: [PATCH 200/268] Add PTV Group products --- data/cisagov_P.yml | 1024 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 1023 insertions(+), 1 deletion(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index 3d6a6ee..a651213 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -6377,7 +6377,998 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: PTV Group - product: '' + product: Map&Market + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '> 2017' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: Map&Market + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '< 2018' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Arrival Board + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Balance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Content Update Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '2 (on prem)' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Developer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Drive&Arrive + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Drive&Arrive App + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV EM Portal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Epics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Hyperpath + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV MaaS Modeller + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Map&Guide Intranet + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Navigator App + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Navigator License Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Optima + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Road Editor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Route Optimiser CL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Route Optimiser ST + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'on prem xServer2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Route Optimiser ST (TourOpt) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Route Optimizer Saas/Demonstrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV TLN Planner Internet + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV TRE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Tre-Addin + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Trip Creator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Vissim + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Vistad Euska + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Vistro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Visum + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Visum Publisher + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Viswalk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV xServer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '1.34 (on prem)' + - '2 (on prem)' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV xServer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '< 1.34 (on prem)' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV xServer Internet 1 cves: cve-2021-4104: investigated: false @@ -6385,10 +7376,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV xServer Internet 2 + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] From e34a784c88394414faa24c085665d35ef970cad2 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 8 Feb 2022 13:15:52 -0500 Subject: [PATCH 201/268] Update Pulse Secure products --- data/cisagov_P.yml | 120 ++++++++++++++------------------------------- 1 file changed, 37 insertions(+), 83 deletions(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index a651213..2c3c7d5 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -7436,68 +7436,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Ivanti Neurons for secure Access - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Ivanti Neurons for secure Access - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7515,7 +7458,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Pulse Secure - product: Ivanti Neurons for ZTA + product: Ivanti Neurons for Secure Access cves: cve-2021-4104: investigated: false @@ -7523,10 +7466,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7552,10 +7496,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7581,10 +7526,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7610,10 +7556,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7639,10 +7586,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7668,10 +7616,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7697,10 +7646,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7726,10 +7676,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7755,10 +7706,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7784,10 +7736,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7813,10 +7766,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From 5a321b41a4c58ab06d0bf7fd201209207a78b437 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 8 Feb 2022 13:27:18 -0500 Subject: [PATCH 202/268] Add Pure Storage, Puppet products --- data/cisagov_P.yml | 151 ++++++++++++++++++++++++++++++++++++--------- 1 file changed, 122 insertions(+), 29 deletions(-) diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index 2c3c7d5..2de8672 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -7788,7 +7788,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Puppet - product: '' + product: Agents cves: cve-2021-4104: investigated: false @@ -7796,10 +7796,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7816,8 +7817,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pure Storage - product: '' + - vendor: Puppet + product: Continuous Delivery for Puppet Enterprise cves: cve-2021-4104: investigated: false @@ -7825,10 +7826,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '3.x' + - '< 4.10.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Puppet + product: Enterprise + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7840,9 +7873,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22) - notes: This advisory is available for customers only and has not been reviewed - by CISA + - https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -7857,8 +7889,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - CBS6.1.x - - CBS6.2.x + - 'CBS6.1.x' + - 'CBS6.2.x' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7873,7 +7905,7 @@ software: unaffected_versions: [] vendor_links: - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: Patch expected 12/27/2021 + notes: This advisory is available to customer only and has not been reviewed by CISA. references: - '' last_updated: '2021-12-15T00:00:00' @@ -7888,10 +7920,10 @@ software: cve-2021-44228: investigated: true affected_versions: - - 5.3.x - - 6.0.x - - 6.1.x - - 6.2.x + - '5.3.x' + - '6.0.x' + - '6.1.x' + - '6.2.x' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7906,12 +7938,12 @@ software: unaffected_versions: [] vendor_links: - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: Patch expected 12/20/2021 + notes: This advisory is available to customer only and has not been reviewed by CISA. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Pure Storage - product: FlashBlade + product: Flash Blade cves: cve-2021-4104: investigated: false @@ -7921,9 +7953,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - 3.1.x - - 3.2.x - - 3.3.x + - '3.1.x' + - '3.2.x' + - '3.3.x' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7938,7 +7970,7 @@ software: unaffected_versions: [] vendor_links: - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: Patch expected 12/24/2021 + notes: This advisory is available to customer only and has not been reviewed by CISA. references: - '' last_updated: '2021-12-15T00:00:00' @@ -7952,9 +7984,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 2.8.0+ - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '2.8.0+' unaffected_versions: [] cve-2021-45046: investigated: false @@ -7968,7 +8000,7 @@ software: unaffected_versions: [] vendor_links: - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: '' + notes: This advisory is available to customer only and has not been reviewed by CISA. references: - '' last_updated: '2021-12-15T00:00:00' @@ -7984,7 +8016,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - N/A + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -7998,12 +8030,42 @@ software: unaffected_versions: [] vendor_links: - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: '' + notes: This advisory is available to customer only and has not been reviewed by CISA. references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Pyramid Analytics - product: '' + - vendor: Pure Storage + product: VM Analytics OVA Collector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '< v3.1.4' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: PuTTY + product: All cves: cve-2021-4104: investigated: false @@ -8011,10 +8073,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.chiark.greenend.org.uk/~sgtatham/putty/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pyramid Analytics + product: All + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] From cbbbf5f096d57f46b3f1fe2030d41aa2ec8d7158 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Tue, 8 Feb 2022 18:35:02 +0000 Subject: [PATCH 203/268] Update the software list --- SOFTWARE-LIST.md | 1 + data/cisagov.yml | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 780c982..9f600c9 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2867,6 +2867,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | SEP | | | | Unknown | [link](https://support.sep.de/otrs/public.pl?Action=PublicFAQZoom;ItemID=132) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Server Eye | | | | Unknown | [link](https://www.server-eye.de/blog/sicherheitsluecke-log4j-server-eye-systeme-sind-nicht-betroffen/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ServiceNow | | | | Unknown | [link](https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1000959) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ServiceTitan | ServiceTitan | | Cloud | Fixed | [link](https://security.servicetitan.com/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-07 | | Shibboleth | | | | Unknown | [link](http://shibboleth.net/pipermail/announce/2021-December/000253.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Shibboleth | All Products | | | Not Affected | [link](https://shibboleth.net/pipermail/announce/2021-December/000253.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-10 | | Shopify | | | | Unknown | [link](https://community.shopify.com/c/technical-q-a/is-shopify-affected-by-the-log4j-vulnerability/td-p/1417625) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 3c5a1cc..7ea3f5e 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -84816,6 +84816,38 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ServiceTitan + product: ServiceTitan + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + vendor_links: + - https://security.servicetitan.com/ + notes: '' + references: + - '' + last_updated: '2022-02-07T00:00:00' - vendor: Shibboleth product: '' cves: From cd4e23ff359f7cdd154e51de159d83f17973f7ee Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Tue, 8 Feb 2022 18:40:59 +0000 Subject: [PATCH 204/268] Update the software list --- SOFTWARE-LIST.md | 335 ++- data/cisagov.yml | 5539 +++++++++++++++++++++++++++++++++++++++++--- data/cisagov_P.yml | 239 +- 3 files changed, 5540 insertions(+), 573 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 9f600c9..801cf5b 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2525,30 +2525,35 @@ NOTE: This file is automatically generated. To submit updates, please refer to | OxygenXML | Publishing Engine | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | OxygenXML | Web Author | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | OxygenXML | WebHelp | | | Unknown | | [https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html](https://www.oxygenxml.com/security/advisory/CVE-2021-44228.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| PagerDuty | PagerDuty SaaS | | | Unknown | [link](https://support.pagerduty.com/docs/pagerduty-log4j-zero-day-vulnerability) | We currently see no evidence of compromises on our platform. Our teams continue to monitor for new developments and for impacts on sub-processors and dependent systems. PagerDuty SaaS customers do not need to take any additional action for their PagerDuty SaaS environment | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Paessler | PRTG | | | Not Affected | [link](https://docs.rundeck.com/docs/history/CVEs/#log4shell-cves) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| PagerDuty | PagerDuty Rundeck | | 3.3+ | Fixed | [link](https://support.pagerduty.com/docs/pagerduty-log4j-zero-day-vulnerability) | We currently see no evidence of compromises on our platform. Our teams continue to monitor for new developments and for impacts on sub-processors and dependent systems. PagerDuty SaaS customers do not need to take any additional action for their PagerDuty SaaS environment. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| PagerDuty | PagerDuty SaaS | | | Fixed | [link](https://support.pagerduty.com/docs/pagerduty-log4j-zero-day-vulnerability) | We currently see no evidence of compromises on our platform. Our teams continue to monitor for new developments and for impacts on sub-processors and dependent systems. PagerDuty SaaS customers do not need to take any additional action for their PagerDuty SaaS environment | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Palantir | Palantir AI Inference Platform (AIP) | | All | Fixed | [link](https://www.palantir.com/security-advisories/log4j-vulnerability/) | Fully remediated as of 1.97.0. Disconnected customer instances may require manual updates. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | | Palantir | Palantir Apollo | | | Not Affected | [link](https://www.palantir.com/security-advisories/log4j-vulnerability/) | No impact, and updates have been deployed for full remediation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | | Palantir | Palantir Foundry | | All | Fixed | [link](https://www.palantir.com/security-advisories/log4j-vulnerability/) | No impact to Palantir-hosted or Apollo-connected instances, and updates have been deployed for full remediation. Disconnected customer instances may require manual updates. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | | Palantir | Palantir Gotham | | All | Fixed | [link](https://www.palantir.com/security-advisories/log4j-vulnerability/) | No impact to Palantir-hosted or Apollo-connected instances, and updates have been deployed for full remediation. Disconnected customer instances may require manual updates. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-19 | -| Palo-Alto Networks | Bridgecrew | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Palo-Alto Networks | CloudGenix | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Palo-Alto Networks | Cortex Data Lake | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Palo-Alto Networks | Cortex XDR Agent | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Palo-Alto Networks | Cortex Xpanse | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Palo-Alto Networks | Cortex XSOAR | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Palo-Alto Networks | Expedition | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Palo-Alto Networks | GlobalProtect App | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Palo-Alto Networks | IoT Security | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Palo-Alto Networks | Okyo Grade | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Palo-Alto Networks | Palo-Alto Networks-OS for Firewall and Wildfire | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Palo-Alto Networks | Palo-Alto Networks-OS for Panorama | 9.0, 9.1, 10.0 | | Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | Upgrade Panorama to PAN-OS 10.1 to remediate this issue. This advisory will be updated when hot fixes for the affected Panorama versions are available. PAN-OS for Panorama versions 8.1, 10.1 are not affected. | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Palo-Alto Networks | Prisma Access | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Palo-Alto Networks | Prisma Cloud | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Palo-Alto Networks | Prisma Cloud Compute | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Palo-Alto Networks | SaaS Security | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Palo-Alto Networks | User-ID Agent | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Palo-Alto Networks | WildFire Appliance | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Palo-Alto Networks | WildFire Cloud | | | Unknown | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Bridgecrew | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | CloudGenix | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Cortex Data Lake | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Cortex XDR Agent | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Cortex Xpanse | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Cortex XSOAR | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Exact Data Matching CLI | | 1.2 | Fixed | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Expedition | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | GlobalProtect App | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | IoT Security | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Okyo Grade | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Palo-Alto Networks-DB Private Cloud | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Palo-Alto Networks-OS for Firewall and Wildfire | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Palo-Alto Networks-OS for Panorama | | 9.0.15, 9.1.12-h3, 10.0.8-h8 | Fixed | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | Upgrade Panorama to PAN-OS 10.1 to remediate this issue. This advisory will be updated when hot fixes for the affected Panorama versions are available. PAN-OS for Panorama versions 8.1, 10.1 are not affected. | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Palo-Alto Networks | Prisma Access | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Prisma Cloud | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Prisma Cloud Compute | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | Prisma SD-WAN (CloudGenix) | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | SaaS Security | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | User-ID Agent | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | WildFire Appliance | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Palo-Alto Networks | WildFire Cloud | | | Not Affected | [link](https://security.paloaltonetworks.com/CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Panasonic | KX-HDV100 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | | Panasonic | KX-HDV130 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | | Panasonic | KX-HDV230 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | @@ -2567,76 +2572,228 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Panasonic | KX-UT136 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | | Panasonic | KX-UT248 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | | Panasonic | KX-UT670 | | | Not Affected | [link](https://panasonic.net/cns/pcc/support/sipphone/disposaldoc-Apache_Log4j_Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-20 | -| Panopto | | | | Unknown | [link](https://support.panopto.com/s/article/Panopto-Statement-on-the-Log4j2-Zero-Day-Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| PaperCut | PaperCut MF | 21.0 and later | | Affected | [link](https://www.papercut.com/support/known-issues/?id=PO-684#ng) | Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted by this. Workaround manual steps available in reference. Upgrade to PaperCut NG/MF version 21.2.3 Now Available to resolve. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| PaperCut | PaperCut NG | 21.0 and later | | Affected | [link](https://www.papercut.com/support/known-issues/?id=PO-684#ng) | Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted by this. Workaround manual steps available in reference. Upgrade to PaperCut NG/MF version 21.2.3 Now Available to resolve. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Parallels | | | | Unknown | [link](https://kb.parallels.com/en/128696) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Parse.ly | | | | Unknown | [link](https://blog.parse.ly/parse-ly-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| PBXMonitor | RMM for 3CX PBX | | | Unknown | [link](https://www.pbxmonitor.net/changelog.php) | Mirror Servers were also checked to ensure Log4J was not installed or being used by any of our systems. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Pega | | | | Unknown | [link](https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Pentaho | | | | Unknown | [link](https://support.pentaho.com/hc/en-us/articles/4416229254541-log4j-2-zero-day-vulnerability-No-impact-to-supported-versions-of-Pentaho-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Pepperl+Fuchs | | | | Unknown | [link](https://www.pepperl-fuchs.com/global/en/29079.htm) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Percona | | | | Unknown | [link](https://www.percona.com/blog/log4jshell-vulnerability-update/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Pexip | | | | Unknown | [link](https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Phenix Id | | | | Unknown | [link](https://support.phenixid.se/uncategorized/log4j-fix/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Philips | Multiple products | | | Unknown | [link](https://www.philips.com/a-w/security/security-advisories.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| PHOENIX CONTACT | Cloud Services | | | Unknown | [link](https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf) | Partly affected. Remediations are being implemented. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| PHOENIX CONTACT | Physical products containing firmware | | | Unknown | [link](https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| PHOENIX CONTACT | Software Products | | | Unknown | [link](https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Ping Identity | PingAccess | 4.0 <= version <= 6.3.2 | | Affected | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Ping Identity | PingCentral | | | Unknown | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Ping Identity | PingFederate | 8.0 <= version <= 10.3.4 | | Affected | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Ping Identity | PingFederate Java Integration Kit | < 2.7.2 | | Affected | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Ping Identity | PingFederate OAuth Playground | < 4.3.1 | | Affected | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Ping Identity | PingIntelligence | | | Unknown | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Pitney Bowes | | | | Unknown | [link](https://www.pitneybowes.com/us/support/apache-log4j-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Planmeca | | | | Unknown | [link](https://www.planmeca.com/apache-log4j-vulnerability-in-planmeca-products/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Planon Software | | | | Unknown | [link](https://my.planonsoftware.com/uk/news/log4j-impact-on-planon/) | This advisory is available for customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Platform.SH | | | | Unknown | [link](https://platform.sh/blog/2021/platformsh-protects-from-apache-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Plesk | | | | Unknown | [link](https://support.plesk.com/hc/en-us/articles/4412182812818-CVE-2021-44228-vulnerability-in-log4j-package-of-Apache) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Plex | Plex Industrial IoT | | | Unknown | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | The product has been updated to Log4j version 2.15. An additional patch is being developed to update to 2.16. No user interaction is required. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Polycom | | | | Unknown | [link](https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Portainer | | | | Unknown | [link](https://www.portainer.io/blog/portainer-statement-re-log4j-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| PortSwigger | | | | Unknown | [link](https://forum.portswigger.net/thread/are-burp-collaborator-or-burp-enterprise-vulnerable-to-log4j-dc6524e0) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| PostGreSQL | | | | Unknown | [link](https://www.postgresql.org/about/news/postgresql-jdbc-and-the-log4j-cve-2371/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Postman | | | | Unknown | [link](https://support.postman.com/hc/en-us/articles/4415791933335-Is-Postman-impacted-by-the-Log4j-vulnerability-CVE-2021-44228-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Power Admin LLC | PA File Sight | | | Not Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Power Admin LLC | PA Server Monitor | | | Not Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Power Admin LLC | PA Storage Monitor | | | Not Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Pretix | | | | Unknown | [link](https://pretix.eu/about/de/blog/20211213-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| PrimeKey | | | | Unknown | [link](https://support.primekey.com/news/posts/information-about-primekey-products-and-log4j-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Progress / IpSwitch | | | | Unknown | [link](https://www.progress.com/security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ProofPoint | | | | Unknown | [link](https://proofpointcommunities.force.com/community/s/article/Proofpoint-Statement-Regarding-CVE-2021-44228-Java-logging-package-log4j2) | This advisory is available for customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ProSeS | | | | Unknown | [link](https://www.proses.de/en/2021/12/16/log4shell-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Prosys | | | | Unknown | [link](https://prosysopc.com/news/important-security-release/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Proxmox | | | | Unknown | [link](https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| PRTG Paessler | | | | Unknown | [link](https://kb.paessler.com/en/topic/90213-is-prtg-affected-by-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Panopto | All | | | Unknown | [link](https://support.panopto.com/s/article/Panopto-Statement-on-the-Log4j2-Zero-Day-Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PaperCut | PaperCut Hive | | | Not Affected | [link](https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| PaperCut | PaperCut MF | 21.0 and later | | Affected | [link](https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228) | Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted by this. Workaround manual steps available in reference. Upgrade to PaperCut NG/MF version 21.2.3 Now Available to resolve. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| PaperCut | PaperCut MobilityPrint | | | Not Affected | [link](https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| PaperCut | PaperCut MultiVerse | | | Not Affected | [link](https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| PaperCut | PaperCut NG | 21.0 and later | | Affected | [link](https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228) | Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted by this. Workaround manual steps available in reference. Upgrade to PaperCut NG/MF version 21.2.3 Now Available to resolve. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| PaperCut | PaperCut Online Services | | | Not Affected | [link](https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| PaperCut | PaperCut Pocket | | | Not Affected | [link](https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| PaperCut | PaperCut Print Logger | | | Not Affected | [link](https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| PaperCut | PaperCut Views | | | Not Affected | [link](https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Parallels | Remote Application Server | | | Not Affected | [link](https://kb.parallels.com/en/128696) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Parse.ly | All | | | Unknown | [link](https://blog.parse.ly/parse-ly-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PBXMonitor | RMM for 3CX PBX | | | Not Affected | [link](https://www.pbxmonitor.net/changelog.php) | Mirror Servers were also checked to ensure Log4J was not installed or being used by any of our systems. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| PDQ | Deploy | | | Unknown | [link](https://www.pdq.com/blog/log4j-vulnerability-cve-2021-44228/?utm_content=190941012&utm_medium=social&utm_source=twitter&hss_channel=tw-90432152) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| PDQ | Inventory | | | Unknown | [link](https://www.pdq.com/blog/log4j-vulnerability-cve-2021-44228/?utm_content=190941012&utm_medium=social&utm_source=twitter&hss_channel=tw-90432152) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Pega | Platform | | 7.3.x - 8.6.x | Fixed | [link](https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability) | Hotfixes made available for registered customers by Pega. When using Stream nodes, the embedded Kafka instances require a separate hotfix to be installed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pentaho | All | | | Unknown | [link](https://support.pentaho.com/hc/en-us/articles/4416229254541-log4j-2-zero-day-vulnerability-No-impact-to-supported-versions-of-Pentaho-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pepperl+Fuchs | All | | | Unknown | [link](https://www.pepperl-fuchs.com/global/en/29079.htm) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Percona | All | | | Unknown | [link](https://www.percona.com/blog/log4jshell-vulnerability-update/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Personio | All | | | Fixed | [link](https://status.personio.de/incidents/kn4c6mf6lpdv) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pexip | Endpoint Activation | | | Not Affected | [link](https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pexip | Eptools | | | Not Affected | [link](https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pexip | Infinity | | | Not Affected | [link](https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pexip | Infinity Connect Client | | | Not Affected | [link](https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pexip | Microsoft Teams Connector | | | Not Affected | [link](https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pexip | My Meeting Video | | | Not Affected | [link](https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pexip | Reverse Proxy and TURN Server | | | Not Affected | [link](https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pexip | Service | | All | Fixed | [link](https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pexip | VMR Self-Service Portal | | | Not Affected | [link](https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Phenix Id | All | | | Unknown | [link](https://support.phenixid.se/uncategorized/log4j-fix/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Philips | Event Analytics (All VUE PACS Versions) | All | | Affected | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | HealthSuite Marketplace | | 1.2 | Fixed | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | Philips hosting environment has deployed a patch. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | IntelliBridge Enterprise | B.13, B.15 | | Affected | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | Software only products with customer owned Operating Systems. For products solutions where the server was provided it is customer responsibility to validate and deploy patches. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | IntelliSite Pathology Solution 5.1 | L1 | | Affected | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | IntelliSpace Enterprise | | v11 and above | Fixed | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | Software only products with customer owned Operating Systems. For products solutions where the server was provided by Philips, it will be Philips responsibility to validate and provide patches. Information or patch available in Inleft. Please contact your local service support team. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | IntelliSpace PACS | | | Fixed | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | Philips hosting environment is evaluating the VMware provided workaround and in the process of deploying for managed service customers. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | IntelliSpace Portal Server/workstation | | v9 and above | Fixed | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | Software only products with customer owned Operating Systems. For products solutions where the server was provided by Philips, it will be Philips responsibility to validate and provide patches. Information or patch available in Inleft. Please contact your local service support team. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | Pathology De-identifier 1.0 | L1 | | Affected | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | Performance Bridge | | 2.0 with Practice, 3.0 | Fixed | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | Software only products with customer owned Operating Systems. For products solutions where the server was provided by Philips, it will be Philips responsibility to validate and provide patches. Information or patch available in Inleft. Please contact your local service support team. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | Pinnacle | 18.x | | Affected | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | Protocol Analytics | | 1.1 | Fixed | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | Software only products with customer owned Operating Systems. For products solutions where the server was provided by Philips, it will be Philips responsibility to validate and provide patches. Information or patch available in Inleft. Please contact your local service support team. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | Protocol Applications | 1.1 | | Affected | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | Software only products with customer owned Operating Systems. For products solutions where the server was provided by Philips, it will be Philips responsibility to validate and provide patches. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | Report Analytics (All VUE PACS Versions) | All | | Affected | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | RIS Clinic | | | Affected | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | Scanner Protocol Manager | 1.1 | | Affected | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | Software only products with customer owned Operating Systems. For products solutions where the server was provided by Philips, it will be Philips responsibility to validate and provide patches. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | Tasy EMR | | | Affected | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | Software only products with customer owned Operating Systems. For products solutions where the server was provided by Philips, it will be Philips responsibility to validate and provide patches. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | Univeral Data Manager (UDM) | | | Affected | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | Philips hosting environment is evaluating the VMware provided workaround and in the process of deploying for managed service customers. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Philips | VuePACS | 12.2.8 | | Affected | [link](https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| PHOENIX CONTACT | Cloud Services | | | Fixed | [link](https://www.phoenixcontact.com/online/portal/pc?1dmy&urile=wcm:path:/pcen/web/offcontext/insite_landing_pages/a7217e47-af46-4c7b-a748-3b6bf94a30a0/a7217e47-af46-4c7b-a748-3b6bf94a30a0) | Cloud Services were either not vulnerable or are completely fixed. No exploits observed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| PHOENIX CONTACT | Physical products containing firmware | | | Not Affected | [link](https://www.phoenixcontact.com/online/portal/pc?1dmy&urile=wcm:path:/pcen/web/offcontext/insite_landing_pages/a7217e47-af46-4c7b-a748-3b6bf94a30a0/a7217e47-af46-4c7b-a748-3b6bf94a30a0) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| PHOENIX CONTACT | Software Products | | | Not Affected | [link](https://www.phoenixcontact.com/online/portal/pc?1dmy&urile=wcm:path:/pcen/web/offcontext/insite_landing_pages/a7217e47-af46-4c7b-a748-3b6bf94a30a0/a7217e47-af46-4c7b-a748-3b6bf94a30a0) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Ping Identity | PingAccess | | 4.0 <= version <= 6.3.2 | Fixed | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Ping Identity | PingCentral | | | Fixed | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Ping Identity | PingFederate | | 8.0 <= version <= 10.3.4 | Fixed | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Ping Identity | PingFederate Java Integration Kit | | < 2.7.2 | Fixed | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Ping Identity | PingFederate OAuth Playground | | < 4.3.1 | Fixed | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Ping Identity | PingIntelligence | | | Fixed | [link](https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Pitney Bowes | All | | | Unknown | [link](https://www.pitneybowes.com/us/support/apache-log4j-vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Planmeca | All | | | Unknown | [link](https://www.planmeca.com/apache-log4j-vulnerability-in-planmeca-products/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Planon Software | Planon Universe | | | Not Affected | [link](https://my.planonsoftware.com/uk/news/log4j-impact-on-planon/) | This advisory is available for customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Platform.SH | All | | | Unknown | [link](https://platform.sh/blog/2021/platformsh-protects-from-apache-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Plesk | All | | | Unknown | [link](https://support.plesk.com/hc/en-us/articles/4412182812818-CVE-2021-44228-vulnerability-in-log4j-package-of-Apache) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Plex | Plex Industrial IoT | | | Not Affected | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | This advisory is available to customer only and has not been reviewed by CISA. Mitigation already applied, patch available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Plex | Plex Media Server | | | Not Affected | [link](https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Polycom | Cloud Relay (OTD and RealConnect hybrid use case) | | | Unknown | [link](https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Polycom | Poly Clariti Core/Edge (a.k.a. DMA/CCE) | | 9.0 and above | Fixed | [link](https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Polycom | Poly Clariti Relay | | 1.0.2 | Fixed | [link](https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Polycom | Poly RealConnect for Microsoft Teams and Skype for Business | | | Fixed | [link](https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Polycom | RealAccess | | | Fixed | [link](https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Portainer | All | | | Unknown | [link](https://www.portainer.io/blog/portainer-statement-re-log4j-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PortSwigger | All | | | Unknown | [link](https://forum.portswigger.net/thread/are-burp-collaborator-or-burp-enterprise-vulnerable-to-log4j-dc6524e0) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Postgres | PostgreSQL JDBC | | | Not Affected | [link](https://www.postgresql.org/about/news/postgresql-jdbc-and-the-log4j-cve-2371/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Postman | All | | | Unknown | [link](https://support.postman.com/hc/en-us/articles/4415791933335-Is-Postman-impacted-by-the-Log4j-vulnerability-CVE-2021-44228-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Power Admin LLC | PA File Sight | | | Not Affected | [link](https://www.poweradmin.com/blog/solarwinds-hack-our-safety-measures/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Power Admin LLC | PA Server Monitor | | | Not Affected | [link](https://www.poweradmin.com/blog/solarwinds-hack-our-safety-measures/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Power Admin LLC | PA Storage Monitor | | | Not Affected | [link](https://www.poweradmin.com/blog/solarwinds-hack-our-safety-measures/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PowerDNS | dnsdist | | | Not Affected | [link](https://blog.powerdns.com/2021/12/16/powerdns-and-log4j-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PowerDNS | metronome | | | Not Affected | [link](https://blog.powerdns.com/2021/12/16/powerdns-and-log4j-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PowerDNS | PowerDNS Authoritative Server | | | Not Affected | [link](https://blog.powerdns.com/2021/12/16/powerdns-and-log4j-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PowerDNS | PowerDNS Recursor | | | Not Affected | [link](https://blog.powerdns.com/2021/12/16/powerdns-and-log4j-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Pretix | All | | | Unknown | [link](https://pretix.eu/about/de/blog/20211213-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PrimeKey | All | | | Unknown | [link](https://support.primekey.com/news/posts/information-about-primekey-products-and-log4j-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Procentec (HMS Group) | All | | | Not Affected | [link](https://mailchi.mp/procentec.com/security_message) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Progress | DataDirect Hybrid Data Pipeline | | | Fixed | [link](https://knowledgebase.progress.com/articles/Knowledge/Is-Hybrid-Data-Pipeline-vulnerable-CVE-2021-44228-Log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Progress | OpenEdge | | | Fixed | [link](https://knowledgebase.progress.com/articles/Knowledge/Is-Hybrid-Data-Pipeline-vulnerable-CVE-2021-44228-Log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ProofPoint | Archiving Appliance | | | Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Archiving Backend | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Cloud App Security Broker | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Cloudmark Cloud/Cloudmark Hybrid | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Cloudmark On-Premise | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Compliance Gateway | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Content Patrol | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Data Discover | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | DLP Core Engine | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Email Community | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Email Fraud Defense (EFD) | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Email Protecton OnDemand (PoD), including Email DLP and Email Encryption | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Email Security Relay | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Endpoint DLP | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Essentials Archive | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Essentials Email | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Insider Threat Management Saas | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Insiders Threat Management On-Premise | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Isolation | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | ITM Saas Endpoint Agents | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Mail Protection On-Premise (PPS), including Email DLP and Email Encryption | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Meta/ZTNA | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Nexus People Risk Explorer | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Secure Email Relay | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Secure Share | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Security Awareness Training | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Sentrion | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Social Discover | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Social Patrol | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Targeted Attack Protection (TAP) | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Threat Response (TRAP) | | | Not Affected | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Web Gateway | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProofPoint | Web Security | | | Fixed | [link](https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-26 | +| ProSeS | All | | | Unknown | [link](https://www.proses.de/en/2021/12/16/log4shell-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Prosys | All | | | Unknown | [link](https://prosysopc.com/news/important-security-release/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Proxmox | Backup Server | | | Not Affected | [link](https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Proxmox | Mail Gateway | | | Not Affected | [link](https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Proxmox | VE | | | Not Affected | [link](https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PRTG Paessler | All | | | Unknown | [link](https://kb.paessler.com/en/topic/90213-is-prtg-affected-by-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTC | ACA Client | | | Fixed | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Adapter Toolkit | | | Fixed | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | AdaWorld | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ApexAda | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Arbortext Editor, Styler, and Publishing Engine | | >8.0.0.0 | Fixed | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Arena | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Axeda | | | Fixed | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | PTC | Axeda Platform | 6.9.2 | | Affected | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| PTC | ThingsWorx Analytics | 8.5, 9.0, 9.1, 9.2, All supported versions | | Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| PTC | ThingsWorx Platform | 8.5, 9.0, 9.1, 9.2, All supported versions | | Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| PTV Group | | | | Unknown | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Pulse Secure | Ivanti Connect Secure (ICS) | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Pulse Secure | Ivanti Neurons for secure Access | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Pulse Secure | Ivanti Neurons for secure Access | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Pulse Secure | Ivanti Neurons for ZTA | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Pulse Secure | Ivanti Neurons for ZTA | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Pulse Secure | Pulse Connect Secure | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Pulse Secure | Pulse Desktop Client | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Pulse Secure | Pulse Mobile Client | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Pulse Secure | Pulse One | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Pulse Secure | Pulse Policy Secure | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Pulse Secure | Pulse Secure Services Director | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Pulse Secure | Pulse Secure Virtual Traffic Manager | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Pulse Secure | Pulse Secure Web Application Firewall | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Pulse Secure | Pulse ZTA | | | Unknown | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Puppet | | | | Unknown | [link](https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Pure Storage | | | | Unknown | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22)) | This advisory is available for customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Pure Storage | Cloud Blockstore | CBS6.1.x, CBS6.2.x | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | Patch expected 12/27/2021 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Pure Storage | Flash Array | 5.3.x, 6.0.x, 6.1.x, 6.2.x | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | Patch expected 12/20/2021 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Pure Storage | FlashBlade | 3.1.x, 3.2.x, 3.3.x | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | Patch expected 12/24/2021 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Pure Storage | PortWorx | 2.8.0+ | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Pure Storage | Pure1 | | N/A | Fixed | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Pyramid Analytics | | | | Unknown | [link](https://community.pyramidanalytics.com/t/83hjjt4/log4j-security-vulnerability-pyramid) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTC | Creo Elements/Direct Model Manager | | | Fixed | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Creo Parametric | | | Unknown | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Creo View | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Flexnet License Server | | | Fixed | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | FlexPLM | 12.0.2.2 (CPS03), 12.0.2.3 | | Affected | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | FlexPLM | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | FlexPLM | | 12.0.2.0 (CPS01 and CPS02) | Fixed | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Implementer | | | Unknown | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Intellicus | | >=19.1 SP11 | Fixed | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | OnShape | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Servigistics Service Parts Management | | 12.1, 12.2 | Fixed | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Servigistics Service Parts Pricing | | 12.1, 12.2 | Fixed | [link](https://www.ptc.com/en/support/article/CS358990) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ThingWorx Advisor Apps | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ThingWorx Agents | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ThingWorx Analytics | | 8.5, 9.0, 9.1, 9.2 | Fixed | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ThingWorx DPM | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ThingWorx Extensions | | | Fixed | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ThingWorx Flow | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ThingWorx Kepware | | <=1.3 | Fixed | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ThingWorx Manufacturing Apps | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ThingWorx Navigate | | 9.1, 9.2 | Fixed | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ThingWorx Ping Federate Integration | | >=9.1 | Fixed | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ThingWorx Platform | | >=8.5.7 | Fixed | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | ThingWorx Platform High Availability | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | WCTK | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Windchill PDMLink | 12.0.2.2 (CPS03) | | Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Windchill PDMLink | | 12.0.2.0 (CPS01 & CPS02) | Fixed | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Windchill PDMLink | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Windchill Performance Advisor | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Windchill Rest Services | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Windchill RV&S(Integrity Lifcycle Manager) | | 4.6/8.6 4.6 SP0 to 12.5 | Fixed | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTC | Windchill Workgroup Manager | | | Not Affected | [link](https://www.ptc.com/en/support/article/CS358901) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| PTV Group | Map&Market | > 2017 | | Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | Map&Market | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Arrival Board | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Balance | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Content Update Service | | 2 (on prem) | Fixed | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Developer | | | Fixed | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Drive&Arrive | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Drive&Arrive App | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV EM Portal | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Epics | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Hyperpath | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV MaaS Modeller | | | Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Map&Guide Intranet | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Navigator App | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Navigator License Manager | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Optima | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Road Editor | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Route Optimiser CL | | | Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Route Optimiser ST | | on prem xServer2 | Fixed | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Route Optimiser ST (TourOpt) | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Route Optimizer Saas/Demonstrator | | | Fixed | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV TLN Planner Internet | | | Fixed | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV TRE | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Tre-Addin | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Trip Creator | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Vissim | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Vistad Euska | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Vistro | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Visum | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Visum Publisher | | | Fixed | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV Viswalk | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV xServer | | 1.34 (on prem), 2 (on prem) | Fixed | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV xServer | | | Not Affected | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV xServer Internet 1 | | | Fixed | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| PTV Group | PTV xServer Internet 2 | | | Fixed | [link](https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Ivanti Connect Secure (ICS) | | | Not Affected | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Ivanti Neurons for Secure Access | | | Not Affected | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Ivanti Neurons for ZTA | | | Not Affected | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse Connect Secure | | | Not Affected | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse Desktop Client | | | Not Affected | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse Mobile Client | | | Not Affected | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse One | | | Not Affected | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse Policy Secure | | | Not Affected | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse Secure Services Director | | | Not Affected | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse Secure Virtual Traffic Manager | | | Not Affected | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse Secure Web Application Firewall | | | Not Affected | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pulse Secure | Pulse ZTA | | | Not Affected | [link](https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Puppet | Agents | | | Not Affected | [link](https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Puppet | Continuous Delivery for Puppet Enterprise | | 3.x, < 4.10.2 | Fixed | [link](https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Puppet | Enterprise | | | Not Affected | [link](https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pure Storage | Cloud Blockstore | CBS6.1.x, CBS6.2.x | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Pure Storage | Flash Array | 5.3.x, 6.0.x, 6.1.x, 6.2.x | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Pure Storage | Flash Blade | 3.1.x, 3.2.x, 3.3.x | | Affected | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Pure Storage | PortWorx | | 2.8.0+ | Fixed | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Pure Storage | Pure1 | | | Fixed | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Pure Storage | VM Analytics OVA Collector | | < v3.1.4 | Fixed | [link](https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| PuTTY | All | | | Not Affected | [link](https://www.chiark.greenend.org.uk/~sgtatham/putty/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Pyramid Analytics | All | | | Not Affected | [link](https://community.pyramidanalytics.com/t/83hjjt4/log4j-security-vulnerability-pyramid) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Qconference | FaceTalk | | | Fixed | [link](https://qconferencing.com/status-vulnerability-log4j-en-qconferencing/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | QF-Test | All | | | Unknown | [link](https://www.qfs.de/en/blog/article/no-log4j-vulnerability-in-qf-test.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Qlik | AIS, including ARC | | | Not Affected | [link](https://community.qlik.com/t5/Support-Updates-Blog/Vulnerability-Testing-Apache-Log4j-reference-CVE-2021-44228-also/ba-p/1869368) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 7ea3f5e..08cb0c2 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -74541,8 +74541,38 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' + - vendor: Paessler + product: PRTG + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.rundeck.com/docs/history/CVEs/#log4shell-cves + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' - vendor: PagerDuty - product: PagerDuty SaaS + product: PagerDuty Rundeck cves: cve-2021-4104: investigated: false @@ -74550,10 +74580,44 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 3.3+ + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pagerduty.com/docs/pagerduty-log4j-zero-day-vulnerability + notes: We currently see no evidence of compromises on our platform. Our teams + continue to monitor for new developments and for impacts on sub-processors and + dependent systems. PagerDuty SaaS customers do not need to take any additional + action for their PagerDuty SaaS environment. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: PagerDuty + product: PagerDuty SaaS + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -74707,10 +74771,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -74736,10 +74801,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -74765,10 +74831,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -74794,10 +74861,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -74823,10 +74891,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -74852,10 +74921,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Exact Data Matching CLI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '1.2' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -74881,10 +74981,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -74910,10 +75011,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -74939,10 +75041,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -74968,10 +75071,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Palo-Alto Networks-DB Private Cloud + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -74997,10 +75131,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75027,11 +75162,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '9.0' - - '9.1' - - '10.0' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 9.0.15 + - 9.1.12-h3 + - 10.0.8-h8 unaffected_versions: [] cve-2021-45046: investigated: false @@ -75060,10 +75195,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75089,10 +75225,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75118,10 +75255,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://security.paloaltonetworks.com/CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Palo-Alto Networks + product: Prisma SD-WAN (CloudGenix) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75147,10 +75315,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75176,10 +75345,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75205,10 +75375,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75234,10 +75405,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75795,7 +75967,7 @@ software: - '' last_updated: '2022-01-20T00:00:00' - vendor: Panopto - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -75824,7 +75996,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: PaperCut - product: PaperCut MF + product: PaperCut Hive cves: cve-2021-4104: investigated: false @@ -75833,10 +76005,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 21.0 and later + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75848,15 +76020,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.papercut.com/support/known-issues/?id=PO-684#ng - notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted - by this. Workaround manual steps available in reference. Upgrade to PaperCut - NG/MF version 21.2.3 Now Available to resolve. + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: '' references: - '' last_updated: '2021-12-16T00:00:00' - vendor: PaperCut - product: PaperCut NG + product: PaperCut MF cves: cve-2021-4104: investigated: false @@ -75880,15 +76050,15 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.papercut.com/support/known-issues/?id=PO-684#ng + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted by this. Workaround manual steps available in reference. Upgrade to PaperCut NG/MF version 21.2.3 Now Available to resolve. references: - '' last_updated: '2021-12-16T00:00:00' - - vendor: Parallels - product: '' + - vendor: PaperCut + product: PaperCut MobilityPrint cves: cve-2021-4104: investigated: false @@ -75896,10 +76066,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75911,13 +76082,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.parallels.com/en/128696 + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Parse.ly - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut MultiVerse cves: cve-2021-4104: investigated: false @@ -75925,10 +76096,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75940,13 +76112,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.parse.ly/parse-ly-log4shell/ + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PBXMonitor - product: RMM for 3CX PBX + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut NG cves: cve-2021-4104: investigated: false @@ -75954,10 +76126,43 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - 21.0 and later + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: Versions 21.0 and later are impacted. Versions 20 and earlier are NOT impacted + by this. Workaround manual steps available in reference. Upgrade to PaperCut + NG/MF version 21.2.3 Now Available to resolve. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut Online Services + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75969,14 +76174,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.pbxmonitor.net/changelog.php - notes: Mirror Servers were also checked to ensure Log4J was not installed or being - used by any of our systems. + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Pega - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut Pocket cves: cve-2021-4104: investigated: false @@ -75984,10 +76188,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut Print Logger + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -75999,13 +76234,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pentaho - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: PaperCut + product: PaperCut Views cves: cve-2021-4104: investigated: false @@ -76013,10 +76248,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.papercut.com/kb/Main/Log4Shell-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Parallels + product: Remote Application Server + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -76028,13 +76294,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pentaho.com/hc/en-us/articles/4416229254541-log4j-2-zero-day-vulnerability-No-impact-to-supported-versions-of-Pentaho- + - https://kb.parallels.com/en/128696 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pepperl+Fuchs - product: '' + - vendor: Parse.ly + product: All cves: cve-2021-4104: investigated: false @@ -76057,13 +76323,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.pepperl-fuchs.com/global/en/29079.htm + - https://blog.parse.ly/parse-ly-log4shell/ notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Percona - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PBXMonitor + product: RMM for 3CX PBX cves: cve-2021-4104: investigated: false @@ -76071,10 +76337,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76086,13 +76353,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.percona.com/blog/log4jshell-vulnerability-update/ - notes: '' + - https://www.pbxmonitor.net/changelog.php + notes: Mirror Servers were also checked to ensure Log4J was not installed or being + used by any of our systems. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pexip - product: '' + last_updated: '2021-12-22T00:00:00' + - vendor: PDQ + product: Deploy cves: cve-2021-4104: investigated: false @@ -76115,13 +76383,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + - https://www.pdq.com/blog/log4j-vulnerability-cve-2021-44228/?utm_content=190941012&utm_medium=social&utm_source=twitter&hss_channel=tw-90432152 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Phenix Id - product: '' + last_updated: '2021-12-16T00:00:00' + - vendor: PDQ + product: Inventory cves: cve-2021-4104: investigated: false @@ -76144,13 +76412,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.phenixid.se/uncategorized/log4j-fix/ + - https://www.pdq.com/blog/log4j-vulnerability-cve-2021-44228/?utm_content=190941012&utm_medium=social&utm_source=twitter&hss_channel=tw-90432152 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Philips - product: Multiple products + last_updated: '2021-12-16T00:00:00' + - vendor: Pega + product: Platform cves: cve-2021-4104: investigated: false @@ -76158,9 +76426,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 7.3.x - 8.6.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -76173,13 +76442,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.philips.com/a-w/security/security-advisories.html - notes: '' + - https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability + notes: Hotfixes made available for registered customers by Pega. When using Stream + nodes, the embedded Kafka instances require a separate hotfix to be installed. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PHOENIX CONTACT - product: Cloud Services + - vendor: Pentaho + product: All cves: cve-2021-4104: investigated: false @@ -76202,13 +76472,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf - notes: Partly affected. Remediations are being implemented. + - https://support.pentaho.com/hc/en-us/articles/4416229254541-log4j-2-zero-day-vulnerability-No-impact-to-supported-versions-of-Pentaho- + notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: PHOENIX CONTACT - product: Physical products containing firmware + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pepperl+Fuchs + product: All cves: cve-2021-4104: investigated: false @@ -76231,13 +76501,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf + - https://www.pepperl-fuchs.com/global/en/29079.htm notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: PHOENIX CONTACT - product: Software Products + last_updated: '2021-12-21T00:00:00' + - vendor: Percona + product: All cves: cve-2021-4104: investigated: false @@ -76260,13 +76530,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://dam-mdc.phoenixcontact.com/asset/156443151564/1a0f6db6bbc86540bfe4f05fd65877f4/Vulnerability_Statement_Log4J_20211215.pdf + - https://www.percona.com/blog/log4jshell-vulnerability-update/ notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Ping Identity - product: PingAccess + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Personio + product: All cves: cve-2021-4104: investigated: false @@ -76275,9 +76545,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 4.0 <= version <= 6.3.2 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -76290,13 +76560,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + - https://status.personio.de/incidents/kn4c6mf6lpdv notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Ping Identity - product: PingCentral + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Endpoint Activation cves: cve-2021-4104: investigated: false @@ -76304,10 +76574,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Eptools + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -76319,13 +76620,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Ping Identity - product: PingFederate + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Infinity cves: cve-2021-4104: investigated: false @@ -76334,10 +76635,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 8.0 <= version <= 10.3.4 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -76349,13 +76650,4420 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Ping Identity - product: PingFederate Java Integration Kit + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Infinity Connect Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Microsoft Teams Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: My Meeting Video + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Reverse Proxy and TURN Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pexip + product: VMR Self-Service Portal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pexip.com/blog1.0/pexip-statement-on-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Phenix Id + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.phenixid.se/uncategorized/log4j-fix/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Philips + product: Event Analytics (All VUE PACS Versions) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: '' + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: HealthSuite Marketplace + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '1.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Philips hosting environment has deployed a patch. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: IntelliBridge Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - B.13 + - B.15 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided it is customer responsibility to validate + and deploy patches. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: IntelliSite Pathology Solution 5.1 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - L1 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: '' + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: IntelliSpace Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v11 and above + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided by Philips, it will be Philips responsibility + to validate and provide patches. Information or patch available in Inleft. Please + contact your local service support team. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: IntelliSpace PACS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Philips hosting environment is evaluating the VMware provided workaround + and in the process of deploying for managed service customers. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: IntelliSpace Portal Server/workstation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v9 and above + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided by Philips, it will be Philips responsibility + to validate and provide patches. Information or patch available in Inleft. Please + contact your local service support team. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Pathology De-identifier 1.0 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - L1 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: '' + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Performance Bridge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2.0 with Practice + - '3.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided by Philips, it will be Philips responsibility + to validate and provide patches. Information or patch available in Inleft. Please + contact your local service support team. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Pinnacle + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 18.x + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: '' + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Protocol Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '1.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided by Philips, it will be Philips responsibility + to validate and provide patches. Information or patch available in Inleft. Please + contact your local service support team. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Protocol Applications + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '1.1' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided by Philips, it will be Philips responsibility + to validate and provide patches. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Report Analytics (All VUE PACS Versions) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: '' + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: RIS Clinic + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: '' + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Scanner Protocol Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '1.1' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided by Philips, it will be Philips responsibility + to validate and provide patches. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Tasy EMR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided by Philips, it will be Philips responsibility + to validate and provide patches. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: Univeral Data Manager (UDM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: Philips hosting environment is evaluating the VMware provided workaround + and in the process of deploying for managed service customers. + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: Philips + product: VuePACS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 12.2.8 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive + notes: '' + references: + - '' + last_updated: '2021-12-13T07:18:50+00:00' + - vendor: PHOENIX CONTACT + product: Cloud Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.phoenixcontact.com/online/portal/pc?1dmy&urile=wcm:path:/pcen/web/offcontext/insite_landing_pages/a7217e47-af46-4c7b-a748-3b6bf94a30a0/a7217e47-af46-4c7b-a748-3b6bf94a30a0 + notes: Cloud Services were either not vulnerable or are completely fixed. No exploits + observed. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: PHOENIX CONTACT + product: Physical products containing firmware + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.phoenixcontact.com/online/portal/pc?1dmy&urile=wcm:path:/pcen/web/offcontext/insite_landing_pages/a7217e47-af46-4c7b-a748-3b6bf94a30a0/a7217e47-af46-4c7b-a748-3b6bf94a30a0 + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: PHOENIX CONTACT + product: Software Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.phoenixcontact.com/online/portal/pc?1dmy&urile=wcm:path:/pcen/web/offcontext/insite_landing_pages/a7217e47-af46-4c7b-a748-3b6bf94a30a0/a7217e47-af46-4c7b-a748-3b6bf94a30a0 + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Ping Identity + product: PingAccess + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 4.0 <= version <= 6.3.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingCentral + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingFederate + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 8.0 <= version <= 10.3.4 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingFederate Java Integration Kit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 2.7.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingFederate OAuth Playground + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 4.3.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Ping Identity + product: PingIntelligence + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Pitney Bowes + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pitneybowes.com/us/support/apache-log4j-vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Planmeca + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.planmeca.com/apache-log4j-vulnerability-in-planmeca-products/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Planon Software + product: Planon Universe + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://my.planonsoftware.com/uk/news/log4j-impact-on-planon/ + notes: This advisory is available for customers only and has not been reviewed + by CISA + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Platform.SH + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://platform.sh/blog/2021/platformsh-protects-from-apache-log4j/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Plesk + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.plesk.com/hc/en-us/articles/4412182812818-CVE-2021-44228-vulnerability-in-log4j-package-of-Apache + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Plex + product: Plex Industrial IoT + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: This advisory is available to customer only and has not been reviewed by + CISA. Mitigation already applied, patch available. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Plex + product: Plex Media Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Polycom + product: Cloud Relay (OTD and RealConnect hybrid use case) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Polycom + product: Poly Clariti Core/Edge (a.k.a. DMA/CCE) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 9.0 and above + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Polycom + product: Poly Clariti Relay + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.0.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Polycom + product: Poly RealConnect for Microsoft Teams and Skype for Business + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Polycom + product: RealAccess + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Portainer + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.portainer.io/blog/portainer-statement-re-log4j-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PortSwigger + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.portswigger.net/thread/are-burp-collaborator-or-burp-enterprise-vulnerable-to-log4j-dc6524e0 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Postgres + product: PostgreSQL JDBC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.postgresql.org/about/news/postgresql-jdbc-and-the-log4j-cve-2371/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Postman + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.postman.com/hc/en-us/articles/4415791933335-Is-Postman-impacted-by-the-Log4j-vulnerability-CVE-2021-44228- + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Power Admin LLC + product: PA File Sight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.poweradmin.com/blog/solarwinds-hack-our-safety-measures/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Power Admin LLC + product: PA Server Monitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.poweradmin.com/blog/solarwinds-hack-our-safety-measures/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Power Admin LLC + product: PA Storage Monitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.poweradmin.com/blog/solarwinds-hack-our-safety-measures/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PowerDNS + product: dnsdist + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.powerdns.com/2021/12/16/powerdns-and-log4j-log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PowerDNS + product: metronome + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.powerdns.com/2021/12/16/powerdns-and-log4j-log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PowerDNS + product: PowerDNS Authoritative Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.powerdns.com/2021/12/16/powerdns-and-log4j-log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PowerDNS + product: PowerDNS Recursor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.powerdns.com/2021/12/16/powerdns-and-log4j-log4shell/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Pretix + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://pretix.eu/about/de/blog/20211213-log4j/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PrimeKey + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.primekey.com/news/posts/information-about-primekey-products-and-log4j-vulnerability-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Procentec (HMS Group) + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://mailchi.mp/procentec.com/security_message + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Progress + product: DataDirect Hybrid Data Pipeline + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledgebase.progress.com/articles/Knowledge/Is-Hybrid-Data-Pipeline-vulnerable-CVE-2021-44228-Log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Progress + product: OpenEdge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://knowledgebase.progress.com/articles/Knowledge/Is-Hybrid-Data-Pipeline-vulnerable-CVE-2021-44228-Log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ProofPoint + product: Archiving Appliance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Archiving Backend + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Cloud App Security Broker + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Cloudmark Cloud/Cloudmark Hybrid + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Cloudmark On-Premise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Compliance Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Content Patrol + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Data Discover + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: DLP Core Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Email Community + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Email Fraud Defense (EFD) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Email Protecton OnDemand (PoD), including Email DLP and Email Encryption + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Email Security Relay + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Endpoint DLP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Essentials Archive + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Essentials Email + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Insider Threat Management Saas + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Insiders Threat Management On-Premise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Isolation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: ITM Saas Endpoint Agents + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Mail Protection On-Premise (PPS), including Email DLP and Email Encryption + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Meta/ZTNA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Nexus People Risk Explorer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Secure Email Relay + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Secure Share + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Security Awareness Training + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Sentrion + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Social Discover + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Social Patrol + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Targeted Attack Protection (TAP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Threat Response (TRAP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Web Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProofPoint + product: Web Security + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proofpoint.com/us/blog/corporate-news/proofpoints-response-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-26T07:18:50+00:00' + - vendor: ProSeS + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.proses.de/en/2021/12/16/log4shell-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Prosys + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://prosysopc.com/news/important-security-release/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Proxmox + product: Backup Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Proxmox + product: Mail Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Proxmox + product: VE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PRTG Paessler + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kb.paessler.com/en/topic/90213-is-prtg-affected-by-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTC + product: ACA Client + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Adapter Toolkit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: AdaWorld + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ApexAda + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Arbortext Editor, Styler, and Publishing Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>8.0.0.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Arena + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Axeda + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Axeda Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 6.9.2 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Creo Elements/Direct Model Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Creo Parametric + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Creo View + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Flexnet License Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: FlexPLM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 12.0.2.2 (CPS03) + - 12.0.2.3 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: FlexPLM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - <= 11.1 M020 + - 11.2.1 + - 12.0.0 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: FlexPLM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 12.0.2.0 (CPS01 and CPS02) + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Implementer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Intellicus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=19.1 SP11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: OnShape + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Servigistics Service Parts Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '12.1' + - '12.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Servigistics Service Parts Pricing + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '12.1' + - '12.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358990 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Advisor Apps + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Agents + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '8.5' + - '9.0' + - '9.1' + - '9.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx DPM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Extensions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Flow + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '8.5' + - '9.0' + - '9.1' + - '9.2' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Kepware + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - <=1.3 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Manufacturing Apps + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Navigate + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '9.1' + - '9.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Ping Federate Integration + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=9.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=8.5.7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: ThingWorx Platform High Availability + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '9.0' + - '9.1' + - '9.2' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: WCTK + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill PDMLink + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 12.0.2.2 (CPS03) + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill PDMLink + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 12.0.2.0 (CPS01 & CPS02) + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill PDMLink + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - <=11.2 M020 + - 11.2.1 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill Performance Advisor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill Rest Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill RV&S(Integrity Lifcycle Manager) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 4.6/8.6 4.6 SP0 to 12.5 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTC + product: Windchill Workgroup Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.ptc.com/en/support/article/CS358901 + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: PTV Group + product: Map&Market + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '> 2017' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: Map&Market + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - < 2018 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Arrival Board + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Balance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Content Update Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2 (on prem) + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Developer cves: cve-2021-4104: investigated: false @@ -76364,9 +81072,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 2.7.2 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -76379,13 +81087,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Ping Identity - product: PingFederate OAuth Playground + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Drive&Arrive cves: cve-2021-4104: investigated: false @@ -76394,10 +81102,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 4.3.1 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76409,13 +81117,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Ping Identity - product: PingIntelligence + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Drive&Arrive App cves: cve-2021-4104: investigated: false @@ -76423,10 +81131,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76438,13 +81147,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.pingidentity.com/s/article/Log4j2-vulnerability-CVE-CVE-2021-44228 + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Pitney Bowes - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV EM Portal cves: cve-2021-4104: investigated: false @@ -76452,10 +81161,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76467,13 +81177,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.pitneybowes.com/us/support/apache-log4j-vulnerability.html + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Planmeca - product: '' + - vendor: PTV Group + product: PTV Epics cves: cve-2021-4104: investigated: false @@ -76481,10 +81191,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76496,13 +81207,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.planmeca.com/apache-log4j-vulnerability-in-planmeca-products/ + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Planon Software - product: '' + - vendor: PTV Group + product: PTV Hyperpath cves: cve-2021-4104: investigated: false @@ -76510,10 +81221,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76525,14 +81237,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://my.planonsoftware.com/uk/news/log4j-impact-on-planon/ - notes: This advisory is available for customers only and has not been reviewed - by CISA + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Platform.SH - product: '' + - vendor: PTV Group + product: PTV MaaS Modeller cves: cve-2021-4104: investigated: false @@ -76540,8 +81251,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -76555,13 +81267,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://platform.sh/blog/2021/platformsh-protects-from-apache-log4j/ + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Plesk - product: '' + - vendor: PTV Group + product: PTV Map&Guide Intranet cves: cve-2021-4104: investigated: false @@ -76569,10 +81281,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76584,13 +81297,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.plesk.com/hc/en-us/articles/4412182812818-CVE-2021-44228-vulnerability-in-log4j-package-of-Apache + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Plex - product: Plex Industrial IoT + - vendor: PTV Group + product: PTV Navigator App cves: cve-2021-4104: investigated: false @@ -76598,10 +81311,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76613,14 +81327,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 - notes: The product has been updated to Log4j version 2.15. An additional patch - is being developed to update to 2.16. No user interaction is required. + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Polycom - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Navigator License Manager cves: cve-2021-4104: investigated: false @@ -76628,10 +81341,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76643,13 +81357,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.polycom.com/content/dam/polycom-support/global/documentation/plygn-21-08-poly-systems-apache.pdf + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Portainer - product: '' + - vendor: PTV Group + product: PTV Optima cves: cve-2021-4104: investigated: false @@ -76657,10 +81371,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76672,13 +81387,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.portainer.io/blog/portainer-statement-re-log4j-cve-2021-44228 + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PortSwigger - product: '' + - vendor: PTV Group + product: PTV Road Editor cves: cve-2021-4104: investigated: false @@ -76686,10 +81401,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76701,13 +81417,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.portswigger.net/thread/are-burp-collaborator-or-burp-enterprise-vulnerable-to-log4j-dc6524e0 + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PostGreSQL - product: '' + - vendor: PTV Group + product: PTV Route Optimiser CL cves: cve-2021-4104: investigated: false @@ -76715,8 +81431,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -76730,13 +81447,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.postgresql.org/about/news/postgresql-jdbc-and-the-log4j-cve-2371/ + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Postman - product: '' + - vendor: PTV Group + product: PTV Route Optimiser ST cves: cve-2021-4104: investigated: false @@ -76744,9 +81461,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - on prem xServer2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -76759,13 +81477,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.postman.com/hc/en-us/articles/4415791933335-Is-Postman-impacted-by-the-Log4j-vulnerability-CVE-2021-44228- + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Power Admin LLC - product: PA File Sight + - vendor: PTV Group + product: PTV Route Optimiser ST (TourOpt) cves: cve-2021-4104: investigated: false @@ -76777,7 +81495,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - NONE + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76788,13 +81506,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Power Admin LLC - product: PA Server Monitor + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV Route Optimizer Saas/Demonstrator cves: cve-2021-4104: investigated: false @@ -76804,9 +81523,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - NONE + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -76817,13 +81536,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Power Admin LLC - product: PA Storage Monitor + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV TLN Planner Internet cves: cve-2021-4104: investigated: false @@ -76833,9 +81553,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - NONE + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -76846,13 +81566,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Pretix - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV TRE cves: cve-2021-4104: investigated: false @@ -76860,10 +81581,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76875,13 +81597,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://pretix.eu/about/de/blog/20211213-log4j/ + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PrimeKey - product: '' + - vendor: PTV Group + product: PTV Tre-Addin cves: cve-2021-4104: investigated: false @@ -76889,10 +81611,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76904,13 +81627,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.primekey.com/news/posts/information-about-primekey-products-and-log4j-vulnerability-cve-2021-44228 + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Progress / IpSwitch - product: '' + - vendor: PTV Group + product: PTV Trip Creator cves: cve-2021-4104: investigated: false @@ -76918,10 +81641,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76933,13 +81657,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.progress.com/security + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ProofPoint - product: '' + - vendor: PTV Group + product: PTV Vissim cves: cve-2021-4104: investigated: false @@ -76947,10 +81671,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76962,14 +81687,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://proofpointcommunities.force.com/community/s/article/Proofpoint-Statement-Regarding-CVE-2021-44228-Java-logging-package-log4j2 - notes: This advisory is available for customers only and has not been reviewed - by CISA + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ProSeS - product: '' + - vendor: PTV Group + product: PTV Vistad Euska cves: cve-2021-4104: investigated: false @@ -76977,10 +81701,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -76992,13 +81717,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.proses.de/en/2021/12/16/log4shell-cve-2021-44228/ + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Prosys - product: '' + - vendor: PTV Group + product: PTV Vistro cves: cve-2021-4104: investigated: false @@ -77006,10 +81731,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77021,13 +81747,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://prosysopc.com/news/important-security-release/ + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Proxmox - product: '' + - vendor: PTV Group + product: PTV Visum cves: cve-2021-4104: investigated: false @@ -77035,10 +81761,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77050,13 +81777,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.proxmox.com/threads/log4j-exploit-what-to-do.101254/#post-436880 + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PRTG Paessler - product: '' + - vendor: PTV Group + product: PTV Visum Publisher cves: cve-2021-4104: investigated: false @@ -77064,9 +81791,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -77079,13 +81807,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.paessler.com/en/topic/90213-is-prtg-affected-by-cve-2021-44228 + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: PTC - product: Axeda Platform + - vendor: PTV Group + product: PTV Viswalk cves: cve-2021-4104: investigated: false @@ -77094,10 +81822,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.9.2 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77109,13 +81837,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ptc.com/en/support/article/CS358990 + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: PTC - product: ThingsWorx Analytics + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV xServer cves: cve-2021-4104: investigated: false @@ -77124,13 +81852,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '8.5' - - '9.0' - - '9.1' - - '9.2' - - All supported versions - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 1.34 (on prem) + - 2 (on prem) unaffected_versions: [] cve-2021-45046: investigated: false @@ -77143,13 +81868,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ptc.com/en/support/article/CS358901 + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: PTC - product: ThingsWorx Platform + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: PTV Group + product: PTV xServer cves: cve-2021-4104: investigated: false @@ -77158,14 +81883,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '8.5' - - '9.0' - - '9.1' - - '9.2' - - All supported versions + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - < 1.34 (on prem) cve-2021-45046: investigated: false affected_versions: [] @@ -77177,13 +81898,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ptc.com/en/support/article/CS358901 + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: PTV Group - product: '' + product: PTV xServer Internet 1 cves: cve-2021-4104: investigated: false @@ -77191,9 +81912,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -77211,8 +81933,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Ivanti Connect Secure (ICS) + - vendor: PTV Group + product: PTV xServer Internet 2 cves: cve-2021-4104: investigated: false @@ -77220,9 +81942,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -77235,13 +81958,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + - https://company.ptvgroup.com/en/resources/service-support/log4j-latest-information notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Pulse Secure - product: Ivanti Neurons for secure Access + product: Ivanti Connect Secure (ICS) cves: cve-2021-4104: investigated: false @@ -77249,10 +81972,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77270,7 +81994,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Pulse Secure - product: Ivanti Neurons for secure Access + product: Ivanti Neurons for Secure Access cves: cve-2021-4104: investigated: false @@ -77278,10 +82002,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77307,10 +82032,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77328,7 +82054,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Pulse Secure - product: Ivanti Neurons for ZTA + product: Pulse Connect Secure cves: cve-2021-4104: investigated: false @@ -77336,10 +82062,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77357,7 +82084,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Pulse Secure - product: Pulse Connect Secure + product: Pulse Desktop Client cves: cve-2021-4104: investigated: false @@ -77365,10 +82092,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77386,7 +82114,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Pulse Secure - product: Pulse Desktop Client + product: Pulse Mobile Client cves: cve-2021-4104: investigated: false @@ -77394,10 +82122,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77415,7 +82144,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Pulse Secure - product: Pulse Mobile Client + product: Pulse One cves: cve-2021-4104: investigated: false @@ -77423,10 +82152,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77444,7 +82174,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Pulse Secure - product: Pulse One + product: Pulse Policy Secure cves: cve-2021-4104: investigated: false @@ -77452,10 +82182,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77473,7 +82204,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Pulse Secure - product: Pulse Policy Secure + product: Pulse Secure Services Director cves: cve-2021-4104: investigated: false @@ -77481,10 +82212,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77502,7 +82234,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Pulse Secure - product: Pulse Secure Services Director + product: Pulse Secure Virtual Traffic Manager cves: cve-2021-4104: investigated: false @@ -77510,10 +82242,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77531,7 +82264,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Pulse Secure - product: Pulse Secure Virtual Traffic Manager + product: Pulse Secure Web Application Firewall cves: cve-2021-4104: investigated: false @@ -77539,10 +82272,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77560,7 +82294,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Pulse Secure - product: Pulse Secure Web Application Firewall + product: Pulse ZTA cves: cve-2021-4104: investigated: false @@ -77568,10 +82302,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77588,8 +82323,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pulse Secure - product: Pulse ZTA + - vendor: Puppet + product: Agents cves: cve-2021-4104: investigated: false @@ -77597,10 +82332,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77612,13 +82348,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44933/?kA13Z000000L3dR + - https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Puppet - product: '' + product: Continuous Delivery for Puppet Enterprise cves: cve-2021-4104: investigated: false @@ -77626,9 +82362,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 3.x + - < 4.10.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -77646,8 +82384,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Pure Storage - product: '' + - vendor: Puppet + product: Enterprise cves: cve-2021-4104: investigated: false @@ -77655,10 +82393,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -77670,9 +82409,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_(%22log4j%22) - notes: This advisory is available for customers only and has not been reviewed - by CISA + - https://puppet.com/blog/puppet-response-to-remote-code-execution-vulnerability-cve-2021-44228/ + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -77703,7 +82441,8 @@ software: unaffected_versions: [] vendor_links: - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: Patch expected 12/27/2021 + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2021-12-15T00:00:00' @@ -77736,12 +82475,13 @@ software: unaffected_versions: [] vendor_links: - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: Patch expected 12/20/2021 + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Pure Storage - product: FlashBlade + product: Flash Blade cves: cve-2021-4104: investigated: false @@ -77768,7 +82508,8 @@ software: unaffected_versions: [] vendor_links: - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: Patch expected 12/24/2021 + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2021-12-15T00:00:00' @@ -77782,9 +82523,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: + affected_versions: [] + fixed_versions: - 2.8.0+ - fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -77798,7 +82539,8 @@ software: unaffected_versions: [] vendor_links: - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: '' + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2021-12-15T00:00:00' @@ -77814,7 +82556,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - N/A + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -77828,12 +82570,44 @@ software: unaffected_versions: [] vendor_links: - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: '' + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: Pyramid Analytics - product: '' + - vendor: Pure Storage + product: VM Analytics OVA Collector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < v3.1.4 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: PuTTY + product: All cves: cve-2021-4104: investigated: false @@ -77841,10 +82615,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.chiark.greenend.org.uk/~sgtatham/putty/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Pyramid Analytics + product: All + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] diff --git a/data/cisagov_P.yml b/data/cisagov_P.yml index 2de8672..fb32ba9 100644 --- a/data/cisagov_P.yml +++ b/data/cisagov_P.yml @@ -46,7 +46,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '3.3+' + - 3.3+ unaffected_versions: [] cve-2021-45046: investigated: false @@ -112,7 +112,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -627,9 +627,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - '9.0.15' - - '9.1.12-h3' - - '10.0.8-h8' + - 9.0.15 + - 9.1.12-h3 + - 10.0.8-h8 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1745,7 +1745,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1892,7 +1892,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '7.3.x - 8.6.x' + - 7.3.x - 8.6.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -1906,8 +1906,8 @@ software: unaffected_versions: [] vendor_links: - https://docs.pega.com/security-advisory/security-advisory-apache-log4j-zero-day-vulnerability - notes: Hotfixes made available for registered customers by Pega. When using Stream nodes, - the embedded Kafka instances require a separate hotfix to be installed. + notes: Hotfixes made available for registered customers by Pega. When using Stream + nodes, the embedded Kafka instances require a separate hotfix to be installed. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -2041,7 +2041,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2071,7 +2071,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2101,7 +2101,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2131,7 +2131,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2161,7 +2161,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2191,7 +2191,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2221,7 +2221,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2250,7 +2250,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -2281,7 +2281,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2338,7 +2338,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'All' + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2398,8 +2398,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'B.13' - - 'B.15' + - B.13 + - B.15 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2414,9 +2414,9 @@ software: unaffected_versions: [] vendor_links: - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive - notes: Software only products with customer owned Operating Systems. - For products solutions where the server was provided it is customer - responsibility to validate and deploy patches. + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided it is customer responsibility to validate + and deploy patches. references: - '' last_updated: '2021-12-13T07:18:50+00:00' @@ -2431,7 +2431,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'L1' + - L1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2462,7 +2462,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'v11 and above' + - v11 and above unaffected_versions: [] cve-2021-45046: investigated: false @@ -2476,11 +2476,10 @@ software: unaffected_versions: [] vendor_links: - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive - notes: Software only products with customer owned Operating Systems. - For products solutions where the server was provided by Philips, it - will be Philips responsibility to validate and provide patches. - Information or patch available in Inleft. Please contact your - local service support team. + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided by Philips, it will be Philips responsibility + to validate and provide patches. Information or patch available in Inleft. Please + contact your local service support team. references: - '' last_updated: '2021-12-13T07:18:50+00:00' @@ -2510,8 +2509,8 @@ software: unaffected_versions: [] vendor_links: - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive - notes: Philips hosting environment is evaluating the VMware provided workaround and - in the process of deploying for managed service customers. + notes: Philips hosting environment is evaluating the VMware provided workaround + and in the process of deploying for managed service customers. references: - '' last_updated: '2021-12-13T07:18:50+00:00' @@ -2527,7 +2526,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'v9 and above' + - v9 and above unaffected_versions: [] cve-2021-45046: investigated: false @@ -2541,10 +2540,10 @@ software: unaffected_versions: [] vendor_links: - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive - notes: Software only products with customer owned Operating Systems. - For products solutions where the server was provided by Philips, it - will be Philips responsibility to validate and provide patches. Information - or patch available in Inleft. Please contact your local service support team. + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided by Philips, it will be Philips responsibility + to validate and provide patches. Information or patch available in Inleft. Please + contact your local service support team. references: - '' last_updated: '2021-12-13T07:18:50+00:00' @@ -2559,7 +2558,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'L1' + - L1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2590,7 +2589,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '2.0 with Practice' + - 2.0 with Practice - '3.0' unaffected_versions: [] cve-2021-45046: @@ -2605,11 +2604,10 @@ software: unaffected_versions: [] vendor_links: - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive - notes: Software only products with customer owned Operating Systems. - For products solutions where the server was provided by Philips, it - will be Philips responsibility to validate and provide patches. - Information or patch available in Inleft. Please contact your local - service support team. + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided by Philips, it will be Philips responsibility + to validate and provide patches. Information or patch available in Inleft. Please + contact your local service support team. references: - '' last_updated: '2021-12-13T07:18:50+00:00' @@ -2624,7 +2622,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '18.x' + - 18.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2669,11 +2667,10 @@ software: unaffected_versions: [] vendor_links: - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive - notes: Software only products with customer owned Operating Systems. - For products solutions where the server was provided by Philips, it - will be Philips responsibility to validate and provide patches. - Information or patch available in Inleft. Please contact your local - service support team. + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided by Philips, it will be Philips responsibility + to validate and provide patches. Information or patch available in Inleft. Please + contact your local service support team. references: - '' last_updated: '2021-12-13T07:18:50+00:00' @@ -2703,9 +2700,9 @@ software: unaffected_versions: [] vendor_links: - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive - notes: Software only products with customer owned Operating Systems. - For products solutions where the server was provided by Philips, it - will be Philips responsibility to validate and provide patches. + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided by Philips, it will be Philips responsibility + to validate and provide patches. references: - '' last_updated: '2021-12-13T07:18:50+00:00' @@ -2720,7 +2717,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'All' + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2795,9 +2792,9 @@ software: unaffected_versions: [] vendor_links: - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive - notes: Software only products with customer owned Operating Systems. - For products solutions where the server was provided by Philips, it - will be Philips responsibility to validate and provide patches. + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided by Philips, it will be Philips responsibility + to validate and provide patches. references: - '' last_updated: '2021-12-13T07:18:50+00:00' @@ -2827,9 +2824,9 @@ software: unaffected_versions: [] vendor_links: - https://www.philips.com/a-w/security/security-advisories/product-security-2021.html#2021_archive - notes: Software only products with customer owned Operating Systems. - For products solutions where the server was provided by Philips, it - will be Philips responsibility to validate and provide patches. + notes: Software only products with customer owned Operating Systems. For products + solutions where the server was provided by Philips, it will be Philips responsibility + to validate and provide patches. references: - '' last_updated: '2021-12-13T07:18:50+00:00' @@ -2875,7 +2872,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '12.2.8' + - 12.2.8 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2920,7 +2917,8 @@ software: unaffected_versions: [] vendor_links: - https://www.phoenixcontact.com/online/portal/pc?1dmy&urile=wcm:path:/pcen/web/offcontext/insite_landing_pages/a7217e47-af46-4c7b-a748-3b6bf94a30a0/a7217e47-af46-4c7b-a748-3b6bf94a30a0 - notes: Cloud Services were either not vulnerable or are completely fixed. No exploits observed. + notes: Cloud Services were either not vulnerable or are completely fixed. No exploits + observed. references: - '' last_updated: '2021-12-22T00:00:00' @@ -2996,7 +2994,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '4.0 <= version <= 6.3.2' + - 4.0 <= version <= 6.3.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -3056,7 +3054,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '8.0 <= version <= 10.3.4' + - 8.0 <= version <= 10.3.4 unaffected_versions: [] cve-2021-45046: investigated: false @@ -3086,7 +3084,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 2.7.2' + - < 2.7.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -3116,7 +3114,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 4.3.1' + - < 4.3.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -3235,7 +3233,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -3337,8 +3335,8 @@ software: unaffected_versions: [] vendor_links: - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 - notes: This advisory is available to customer only and has not been reviewed by CISA. - Mitigation already applied, patch available. + notes: This advisory is available to customer only and has not been reviewed by + CISA. Mitigation already applied, patch available. references: - '' last_updated: '2021-12-15T00:00:00' @@ -3368,7 +3366,8 @@ software: unaffected_versions: [] vendor_links: - https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1133605 - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2021-12-15T00:00:00' @@ -3413,7 +3412,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '9.0 and above' + - 9.0 and above unaffected_versions: [] cve-2021-45046: investigated: false @@ -3443,7 +3442,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.0.2' + - 1.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -4477,7 +4476,7 @@ software: - '' last_updated: '2022-01-26T07:18:50+00:00' - vendor: ProofPoint - product: Insiders Threat Management On-Premise + product: Insider Threat Management Saas cves: cve-2021-4104: investigated: false @@ -4487,9 +4486,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4507,7 +4506,7 @@ software: - '' last_updated: '2022-01-26T07:18:50+00:00' - vendor: ProofPoint - product: Insider Threat Management Saas + product: Insiders Threat Management On-Premise cves: cve-2021-4104: investigated: false @@ -4517,9 +4516,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - '' - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5533,8 +5532,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - '12.0.2.2 (CPS03)' - - '12.0.2.3' + - 12.0.2.2 (CPS03) + - 12.0.2.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -5566,9 +5565,9 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '<= 11.1 M020' - - '11.2.1' - - '12.0.0' + - <= 11.1 M020 + - 11.2.1 + - 12.0.0 cve-2021-45046: investigated: false affected_versions: [] @@ -5597,7 +5596,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '12.0.2.0 (CPS01 and CPS02)' + - 12.0.2.0 (CPS01 and CPS02) unaffected_versions: [] cve-2021-45046: investigated: false @@ -5964,7 +5963,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '<=1.3' + - <=1.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6176,7 +6175,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '12.0.2.2 (CPS03)' + - 12.0.2.2 (CPS03) fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6207,7 +6206,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '12.0.2.0 (CPS01 & CPS02)' + - 12.0.2.0 (CPS01 & CPS02) unaffected_versions: [] cve-2021-45046: investigated: false @@ -6238,8 +6237,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '<=11.2 M020' - - '11.2.1' + - <=11.2 M020 + - 11.2.1 cve-2021-45046: investigated: false affected_versions: [] @@ -6328,7 +6327,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '4.6/8.6 4.6 SP0 to 12.5' + - 4.6/8.6 4.6 SP0 to 12.5 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6419,7 +6418,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '< 2018' + - < 2018 cve-2021-45046: investigated: false affected_versions: [] @@ -6508,7 +6507,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '2 (on prem)' + - 2 (on prem) unaffected_versions: [] cve-2021-45046: investigated: false @@ -6928,7 +6927,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'on prem xServer2' + - on prem xServer2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -7318,8 +7317,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.34 (on prem)' - - '2 (on prem)' + - 1.34 (on prem) + - 2 (on prem) unaffected_versions: [] cve-2021-45046: investigated: false @@ -7350,7 +7349,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '< 1.34 (on prem)' + - < 1.34 (on prem) cve-2021-45046: investigated: false affected_versions: [] @@ -7829,8 +7828,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - '3.x' - - '< 4.10.2' + - 3.x + - < 4.10.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -7889,8 +7888,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'CBS6.1.x' - - 'CBS6.2.x' + - CBS6.1.x + - CBS6.2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7905,7 +7904,8 @@ software: unaffected_versions: [] vendor_links: - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2021-12-15T00:00:00' @@ -7920,10 +7920,10 @@ software: cve-2021-44228: investigated: true affected_versions: - - '5.3.x' - - '6.0.x' - - '6.1.x' - - '6.2.x' + - 5.3.x + - 6.0.x + - 6.1.x + - 6.2.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7938,7 +7938,8 @@ software: unaffected_versions: [] vendor_links: - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2021-12-15T00:00:00' @@ -7953,9 +7954,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - '3.1.x' - - '3.2.x' - - '3.3.x' + - 3.1.x + - 3.2.x + - 3.3.x fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -7970,7 +7971,8 @@ software: unaffected_versions: [] vendor_links: - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2021-12-15T00:00:00' @@ -7986,7 +7988,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '2.8.0+' + - 2.8.0+ unaffected_versions: [] cve-2021-45046: investigated: false @@ -8000,7 +8002,8 @@ software: unaffected_versions: [] vendor_links: - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2021-12-15T00:00:00' @@ -8030,7 +8033,8 @@ software: unaffected_versions: [] vendor_links: - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2021-12-15T00:00:00' @@ -8046,7 +8050,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< v3.1.4' + - < v3.1.4 unaffected_versions: [] cve-2021-45046: investigated: false @@ -8060,7 +8064,8 @@ software: unaffected_versions: [] vendor_links: - https://support.purestorage.com/Field_Bulletins/Interim_Security_Advisory_Regarding_CVE-2021-44228_log4j - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2021-12-15T00:00:00' @@ -8107,7 +8112,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] From 42b0cab510dbd6f770466ed5d94730afa54191ec Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 8 Feb 2022 14:24:37 -0500 Subject: [PATCH 205/268] Update E products --- data/cisagov_E.yml | 38 ++++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/data/cisagov_E.yml b/data/cisagov_E.yml index 687ac2d..8d1d237 100644 --- a/data/cisagov_E.yml +++ b/data/cisagov_E.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: EasyRedmine - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -34,7 +34,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Eaton - product: Undisclosed + product: All cves: cve-2021-4104: investigated: false @@ -42,9 +42,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Undisclosed + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -59,14 +58,12 @@ software: unaffected_versions: [] vendor_links: - https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Security-Bulletin%20log4j_CVE_2021_44228_v1.0_Legal-Approved.pdf - notes: Doesn't openly disclose what products are affected or not for quote 'security - purposes'. Needs email registration. No workaround provided due to registration - wall. + notes: For security purposes direct notifications are being made to impacted customers. Please stay tuned for more updates. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: EclecticIQ - product: '' + product: TIP cves: cve-2021-4104: investigated: false @@ -74,8 +71,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '< 2.11' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -90,12 +88,15 @@ software: unaffected_versions: [] vendor_links: - https://docs.eclecticiq.com/security-advisories/security-issues-and-mitigation-actions/eiq-2021-0016-2 - notes: '' + notes: This advisory is available to customer only and has not been reviewed by CISA. + The Threat Intel Platform includes Neo4j 3.5.12 (not vulnerable) and Elasticsearch + and Logstash OSS 7.9.1 (vulnerable) see Elasticsearch below for mitigation. + See link in their own fix for Logstash (Support account needed, ongoing investigation) references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Eclipse Foundation - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -124,7 +125,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Edwards - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -132,10 +133,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -153,7 +155,7 @@ software: - '' last_updated: '2022-01-06T00:00:00' - vendor: EFI - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -182,7 +184,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: EGroupware - product: '' + product: All cves: cve-2021-4104: investigated: false From ddedd0d7a44fd38505f986d111b4204b1dc8ac4f Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 8 Feb 2022 16:23:38 -0500 Subject: [PATCH 206/268] Update Elastic products --- data/cisagov_E.yml | 158 +++++++++++++++++++++------------------------ 1 file changed, 72 insertions(+), 86 deletions(-) diff --git a/data/cisagov_E.yml b/data/cisagov_E.yml index 8d1d237..c8657ee 100644 --- a/data/cisagov_E.yml +++ b/data/cisagov_E.yml @@ -183,8 +183,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: EGroupware - product: All + - vendor: eG Innovations + product: eG Enterprise cves: cve-2021-4104: investigated: false @@ -192,10 +192,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '7.1.8 - 7.1.9' cve-2021-45046: investigated: false affected_versions: [] @@ -207,13 +208,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.egroupware.org/t/uk-de-statement-log4j-log4shell/76430 + - https://www.eginnovations.com/brochures/eGEnterprise-and-Log4jShell-Vulnerability.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Elastic - product: APM Java Agent + last_updated: '2022-01-06T00:00:00' + - vendor: EGroupware + product: All cves: cve-2021-4104: investigated: false @@ -236,13 +237,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://help.egroupware.org/t/uk-de-statement-log4j-log4shell/76430 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Elastic - product: APM Server + product: APM Java Agent cves: cve-2021-4104: investigated: false @@ -250,9 +251,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '1.17.0 - 1.28.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -266,12 +268,12 @@ software: unaffected_versions: [] vendor_links: - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 - notes: '' + notes: Only vulnerable with specific configuration. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Beats + product: APM Server cves: cve-2021-4104: investigated: false @@ -279,10 +281,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -300,7 +303,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Cmd + product: Beats cves: cve-2021-4104: investigated: false @@ -308,10 +311,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -329,7 +333,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Elastic Agent + product: Cmd cves: cve-2021-4104: investigated: false @@ -337,10 +341,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -358,7 +363,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Elastic Cloud + product: Elastic Agent cves: cve-2021-4104: investigated: false @@ -366,10 +371,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -387,7 +393,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Elastic Cloud Enterprise + product: Elastic Cloud cves: cve-2021-4104: investigated: false @@ -395,10 +401,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -424,10 +431,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -453,10 +461,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -482,10 +491,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -511,10 +521,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -541,11 +552,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '5' - - '6' - - '8' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '7.16.2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -572,10 +581,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -601,10 +611,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -630,10 +641,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -659,10 +671,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -689,10 +702,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <6.8.21 - - <7.16.1 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '6.8.22' unaffected_versions: [] cve-2021-45046: investigated: false @@ -719,10 +731,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -748,10 +761,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -768,34 +782,6 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: ElasticSearch - product: all products - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: [] - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ellucian product: Admin cves: From 898f6f50ed282d3f1a0c8b78380dae2bf2b98ea3 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 9 Feb 2022 11:20:32 -0500 Subject: [PATCH 207/268] Update Ellucian products --- data/cisagov_E.yml | 169 +++++++++++++++++++++++++++------------------ 1 file changed, 101 insertions(+), 68 deletions(-) diff --git a/data/cisagov_E.yml b/data/cisagov_E.yml index c8657ee..4a53c2b 100644 --- a/data/cisagov_E.yml +++ b/data/cisagov_E.yml @@ -791,10 +791,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -820,8 +821,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -849,10 +851,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -878,10 +881,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -907,10 +911,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -936,10 +941,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -965,10 +971,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -994,10 +1001,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1023,8 +1031,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1052,10 +1061,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1081,10 +1091,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1110,10 +1121,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1139,10 +1151,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1168,10 +1181,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1197,10 +1211,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1226,10 +1241,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1247,7 +1263,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Ellucian Portal + product: Ellucian Portal cves: cve-2021-4104: investigated: false @@ -1255,10 +1271,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1284,10 +1301,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1313,10 +1331,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1342,10 +1361,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1371,10 +1391,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1400,10 +1421,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1429,10 +1451,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1458,10 +1481,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1487,10 +1511,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1516,10 +1541,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1545,10 +1571,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1574,10 +1601,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1603,10 +1631,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1632,10 +1661,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1661,10 +1691,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1690,10 +1721,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1711,7 +1743,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Enterprise Identity Services(BEIS) + product: Enterprise Identity Services (BEIS) cves: cve-2021-4104: investigated: false @@ -1719,10 +1751,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From 3fdc42c400c7a942c5f254467add52f6a2e03794 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 9 Feb 2022 12:22:32 -0500 Subject: [PATCH 208/268] Update Emerson products, remove duplicates --- data/cisagov_E.yml | 758 +++++++++++++++------------------------------ 1 file changed, 256 insertions(+), 502 deletions(-) diff --git a/data/cisagov_E.yml b/data/cisagov_E.yml index 4a53c2b..4d3c23a 100644 --- a/data/cisagov_E.yml +++ b/data/cisagov_E.yml @@ -1781,10 +1781,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1810,10 +1811,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1839,10 +1841,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1868,10 +1871,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1897,10 +1901,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1926,10 +1931,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1955,10 +1961,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1984,10 +1991,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2013,10 +2021,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2042,10 +2051,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2071,10 +2081,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2100,10 +2111,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2129,10 +2141,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2158,10 +2171,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2187,39 +2201,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf - notes: '' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 4732 Endeavor - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2245,10 +2231,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2274,39 +2261,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf - notes: '' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 5726 Transmitter - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2332,10 +2291,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2361,10 +2321,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2390,10 +2351,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2419,10 +2381,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2440,7 +2403,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Combustion: OCX OXT 6888 CX1100 6888Xi' + product: Combustion - OCX OXT 6888 CX1100 6888Xi cves: cve-2021-4104: investigated: false @@ -2448,10 +2411,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2477,10 +2441,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2506,10 +2471,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2535,10 +2501,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2564,10 +2531,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2593,10 +2561,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2622,10 +2591,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2651,10 +2621,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2680,10 +2651,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2709,272 +2681,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf - notes: '' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: DHNC1 DHNC2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf - notes: '' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: DHNC1 DHNC2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf - notes: '' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Emerson Aperio software - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf - notes: '' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Engineering Assistant 5.x & 6.x - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf - notes: '' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Fieldwatch and Service consoles - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf - notes: '' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Fieldwatch and Service consoles - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf - notes: '' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: 'Flame Detection: 975UF & 975UR Infrared Flame Detectors 975HR Infrared - Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf - notes: '' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Flarecheck FlowCheck Flowel & PWAM software - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf - notes: '' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Flarecheck FlowCheck Flowel & PWAM software - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2992,7 +2703,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' + product: DHNC1 DHNC2 cves: cve-2021-4104: investigated: false @@ -3000,10 +2711,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3021,7 +2733,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' + product: DHNC1 DHNC2 cves: cve-2021-4104: investigated: false @@ -3029,10 +2741,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3050,7 +2763,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' + product: Emerson Aperio software cves: cve-2021-4104: investigated: false @@ -3058,10 +2771,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3079,7 +2793,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' + product: Engineering Assistant cves: cve-2021-4104: investigated: false @@ -3087,10 +2801,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '5.x' + - '6.x' cve-2021-45046: investigated: false affected_versions: [] @@ -3108,9 +2824,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless - Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle - Monitor' + product: Fieldwatch and Service consoles cves: cve-2021-4104: investigated: false @@ -3118,10 +2832,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3139,9 +2854,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless - Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle - Monitor' + product: Fieldwatch and Service consoles cves: cve-2021-4104: investigated: false @@ -3149,10 +2862,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3170,7 +2884,8 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Incus Ultrasonic gas leak detector + product: Flame Detection - 975UF & 975UR Infrared Flame Detectors 975HR Infrared + Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector cves: cve-2021-4104: investigated: false @@ -3178,10 +2893,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3199,7 +2915,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: K-Series Coriolis Transmitters + product: Flarecheck FlowCheck Flowel & PWAM software cves: cve-2021-4104: investigated: false @@ -3207,10 +2923,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3228,7 +2945,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: K-Series Coriolis Transmitters + product: Flarecheck FlowCheck Flowel & PWAM software cves: cve-2021-4104: investigated: false @@ -3236,10 +2953,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3257,7 +2975,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Liquid Transmitters: 5081 1066 1056 1057 56' + product: Gas Analysis - X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD) cves: cve-2021-4104: investigated: false @@ -3265,10 +2983,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3286,7 +3005,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Mark III Gas and Liquid USM + product: Gas Chromatographs - M500/2350A MON2000 700XA/1500XA 370XA MON2020 cves: cve-2021-4104: investigated: false @@ -3294,10 +3013,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3315,7 +3035,9 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Mark III Gas and Liquid USM + product: Gas Detection - Millennium II Basic Single & Dual Channel 928 Wireless + Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle + Monitor cves: cve-2021-4104: investigated: false @@ -3323,10 +3045,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3344,7 +3067,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: MPFM2600 & MPFM5726 + product: Incus Ultrasonic gas leak detector cves: cve-2021-4104: investigated: false @@ -3352,10 +3075,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3373,7 +3097,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: MPFM2600 & MPFM5726 + product: K-Series Coriolis Transmitters cves: cve-2021-4104: investigated: false @@ -3381,10 +3105,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3402,7 +3127,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Plantweb Advisor for Metrology and Metering Suite SDK + product: Liquid Transmitters - 5081 1066 1056 1057 56' cves: cve-2021-4104: investigated: false @@ -3410,10 +3135,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3431,7 +3157,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Plantweb Advisor for Metrology and Metering Suite SDK + product: Mark III Gas and Liquid USM cves: cve-2021-4104: investigated: false @@ -3439,10 +3165,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3460,7 +3187,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Configuration Software + product: MPFM2600 & MPFM5726 cves: cve-2021-4104: investigated: false @@ -3468,10 +3195,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3489,7 +3217,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Configuration Software + product: Plantweb Advisor for Metrology and Metering Suite SDK cves: cve-2021-4104: investigated: false @@ -3497,10 +3225,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3518,7 +3247,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Mobile Application & ProcessViz Software + product: Prolink Configuration Software cves: cve-2021-4104: investigated: false @@ -3526,10 +3255,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3555,10 +3285,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3584,10 +3315,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3613,10 +3345,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3642,10 +3375,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3671,10 +3405,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3700,10 +3435,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3729,10 +3465,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3758,10 +3495,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3787,10 +3525,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3816,10 +3555,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3845,10 +3585,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3874,10 +3615,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3903,10 +3645,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3932,10 +3675,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3953,7 +3697,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount RadarMaster and RadarMaster Plus + product: Rosemount RadarMaster cves: cve-2021-4104: investigated: false @@ -3961,10 +3705,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3982,7 +3727,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Tank Radar Gauges (TGUxx) + product: Rosemount RadarMaster Plus cves: cve-2021-4104: investigated: false @@ -3990,10 +3735,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4011,7 +3757,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount TankMaster and TankMaster Mobile + product: Rosemount Tank Radar Gauges (TGUxx) cves: cve-2021-4104: investigated: false @@ -4019,10 +3765,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4040,7 +3787,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Spectrex family Flame Detectors and Rosemount 975 flame detector + product: Rosemount TankMaster cves: cve-2021-4104: investigated: false @@ -4048,10 +3795,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4069,7 +3817,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: USM 3410 and 3810 Series Ultrasonic Transmitters + product: Rosemount TankMaster Mobile cves: cve-2021-4104: investigated: false @@ -4077,10 +3825,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4098,7 +3847,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: USM 3410 and 3810 Series Ultrasonic Transmitters + product: Spectrex family Flame Detectors and Rosemount 975 flame detector cves: cve-2021-4104: investigated: false @@ -4106,10 +3855,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4127,7 +3877,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Vortex and Magmeter Transmitters + product: USM 3410 and 3810 Series Ultrasonic Transmitters cves: cve-2021-4104: investigated: false @@ -4135,10 +3885,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4156,7 +3907,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Vortex and Magmeter Transmitters + product: USM 3410 and 3810 Series Ultrasonic Transmitters cves: cve-2021-4104: investigated: false @@ -4164,10 +3915,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4185,7 +3937,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: WCM SWGM + product: Vortex and Magmeter Transmitters cves: cve-2021-4104: investigated: false @@ -4193,10 +3945,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4222,10 +3975,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4243,7 +3997,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: EnterpriseDT - product: '' + product: All cves: cve-2021-4104: investigated: false From 5a93b997116424e22aee5d87c6e7a8fa260eb6d6 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 9 Feb 2022 12:27:05 -0500 Subject: [PATCH 209/268] Add Enfocus products --- data/cisagov_E.yml | 179 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 179 insertions(+) diff --git a/data/cisagov_E.yml b/data/cisagov_E.yml index 4d3c23a..48c5cbe 100644 --- a/data/cisagov_E.yml +++ b/data/cisagov_E.yml @@ -3996,6 +3996,185 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' + - vendor: Enfocus + product: BoardingPass + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Enfocus + product: Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Enfocus + product: PDF Review Module + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Enfocus + product: PitStop + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Enfocus + product: Switch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Enovation + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://enovationgroup.com/nl/nieuws/log4j-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: EnterpriseDT product: All cves: From 8effab4f68470ed8a2da8b42ef18e3eaff2f9586 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 9 Feb 2022 16:42:05 -0500 Subject: [PATCH 210/268] Add ESET products, update Estos --- data/cisagov_E.yml | 42 +++++++++++++++++++++++++++++++++++++----- 1 file changed, 37 insertions(+), 5 deletions(-) diff --git a/data/cisagov_E.yml b/data/cisagov_E.yml index 48c5cbe..bff6eaf 100644 --- a/data/cisagov_E.yml +++ b/data/cisagov_E.yml @@ -4205,7 +4205,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ESET - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4213,10 +4213,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ESET + product: Secure Authentication + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4420,7 +4451,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Estos - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4428,10 +4459,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4449,7 +4481,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Evolveum Midpoint - product: '' + product: All cves: cve-2021-4104: investigated: false From 1cb6e3a7cb68c99224e0ad9a5fb385d4c1fb0212 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 10 Feb 2022 08:01:03 -0500 Subject: [PATCH 211/268] Update var. E products --- data/cisagov_E.yml | 70 ++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 65 insertions(+), 5 deletions(-) diff --git a/data/cisagov_E.yml b/data/cisagov_E.yml index bff6eaf..1762e0d 100644 --- a/data/cisagov_E.yml +++ b/data/cisagov_E.yml @@ -4480,8 +4480,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Evolveum Midpoint - product: All + - vendor: EVL Labs + product: JGAAP cves: cve-2021-4104: investigated: false @@ -4489,10 +4489,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '<8.0.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/evllabs/JGAAP/releases/tag/v8.0.2 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Evolveum Midpoint + product: Midpoint + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -4521,8 +4552,37 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/release-notes/ecatcher_releasenotes.txt?sfvrsn=4f054ad7_42 + notes: '' + references: + - '' + last_updated: '2022-02-02T07:18:50+00:00' + - vendor: Ewon + product: eCatcher + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.7.6' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4540,7 +4600,7 @@ software: - '' last_updated: '2022-02-02T07:18:50+00:00' - vendor: Exabeam - product: '' + product: All cves: cve-2021-4104: investigated: false From b39b98ad567283948e33f66f1b57b3553064633b Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 10 Feb 2022 08:23:37 -0500 Subject: [PATCH 212/268] Add Exact products --- data/cisagov_E.yml | 1095 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 1089 insertions(+), 6 deletions(-) diff --git a/data/cisagov_E.yml b/data/cisagov_E.yml index 1762e0d..574a282 100644 --- a/data/cisagov_E.yml +++ b/data/cisagov_E.yml @@ -4630,7 +4630,847 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Exact - product: '' + product: AEC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Audition + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: BoekhoudGemak + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Bouw7 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Business Suite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: CommunicatieGemak + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Consolidation powered by LucaNet + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Digipoort + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: DigitaleFactuur + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Dimoni + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: EDI Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: FDS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Financials + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: FiscaalGemak + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Globe Core Product + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Globe E-report/Crystal Reports + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Go2UBL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Gripp + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: HR & SalarisGemak + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Insights (Qlik) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Officient + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Online All core products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Online Elastic Search + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Online Samenwerken (OSW) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Payroll Plus (Loket) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: ProAcc + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: ProQuro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: RapportageGemak + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Reeleezee cves: cve-2021-4104: investigated: false @@ -4638,10 +5478,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: ScanSys + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -4658,8 +5529,158 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Exivity - product: '' + - vendor: Exact + product: SRXP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Synergy Core Product + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Synergy Elastic Search + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.6.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: WerkprogrammaGemak + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Winbooks + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: WMS cves: cve-2021-4104: investigated: false @@ -4667,10 +5688,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exivity + product: On-Premise + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -4687,6 +5739,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extensis + product: Universal Type Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=7.0.6' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.extensis.com/hc/en-us/articles/4412767414299-Universal-Type-Server-7-and-Log4j-vulnerabilities + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: ExtraHop product: Reveal(x) cves: @@ -4720,7 +5802,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: eXtreme Hosting - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4728,10 +5810,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From 4c3b1cf06a9d6237a623de8d5cdfc004e3d9d35c Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 10 Feb 2022 08:43:27 -0500 Subject: [PATCH 213/268] Add Extreme Networks products --- data/cisagov_E.yml | 966 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 964 insertions(+), 2 deletions(-) diff --git a/data/cisagov_E.yml b/data/cisagov_E.yml index 574a282..9103b9b 100644 --- a/data/cisagov_E.yml +++ b/data/cisagov_E.yml @@ -5832,7 +5832,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Extreme Networks - product: '' + product: 200-series cves: cve-2021-4104: investigated: false @@ -5840,10 +5840,972 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: BOSS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: EXOS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Extreme AirDefense + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Extreme Campus Controller (Extreme Cloud Appliance) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Extreme Fabric Automation (EFA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Extreme Management Center (XMC) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Extreme Visibility Manager (XVM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeAnalytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeCloud A3 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeCloud IQ + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeConnect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeControl + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeGuest + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeLocation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeWireless (IdentiFi) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Fabric Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Guest and IoT Manager (GIM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: HiveManager Classic On-Premises + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: HiveManager Classic Online + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Ipanema Ip | Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Ipanema SALSA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '9.3.8' + - '9.4.3' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Ipanema SD-WAN Orchestrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: IQEngine (HiveOS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: IQVA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '21.1.22.1-IQVA' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: NetIron OS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Network OS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: NSight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: SLX-OS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Traffic Sensor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: VGVA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: VOSS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: WiNG + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5861,7 +6823,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Extron - product: '' + product: All cves: cve-2021-4104: investigated: false From 934d7df0c3277a3db011886dd1ea36aea5ca9e42 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Thu, 10 Feb 2022 13:50:54 +0000 Subject: [PATCH 214/268] Update the software list --- SOFTWARE-LIST.md | 375 +++--- data/cisagov.yml | 3186 ++++++++++++++++++++++++++++++++++++-------- data/cisagov_E.yml | 139 +- 3 files changed, 2929 insertions(+), 771 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 801cf5b..5514bf7 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -1025,169 +1025,234 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Dynatrace | SAAS | | | Fixed | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Dynatrace | Synthetic Private ActiveGate | | | Fixed | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | Please see Dynatrace Communication for details | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Dynatrace | Synthetic public locations | | | Fixed | [link](https://www.dynatrace.com/news/security-alert/log4shell-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| EasyRedmine | | | | Unknown | [link](https://www.easyredmine.com/news/easy-redmine-application-is-not-affected-by-the-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Eaton | Undisclosed | Undisclosed | | Affected | [link](https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Security-Bulletin%20log4j_CVE_2021_44228_v1.0_Legal-Approved.pdf) | Doesn't openly disclose what products are affected or not for quote 'security purposes'. Needs email registration. No workaround provided due to registration wall. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| EclecticIQ | | | | Unknown | [link](https://docs.eclecticiq.com/security-advisories/security-issues-and-mitigation-actions/eiq-2021-0016-2) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Eclipse Foundation | | | | Unknown | [link](https://wiki.eclipse.org/Eclipse_and_log4j2_vulnerability_(CVE-2021-44228)) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Edwards | | | | Unknown | [link](https://www.edwards.com/devices/support/product-security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | -| EFI | | | | Unknown | [link](https://communities.efi.com/s/article/Are-Fiery-Servers-vulnerable-to-CVE-2021-44228-Apache-Log4j2?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| EGroupware | | | | Unknown | [link](https://help.egroupware.org/t/uk-de-statement-log4j-log4shell/76430) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Elastic | APM Java Agent | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | APM Server | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Beats | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Cmd | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Elastic Agent | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Elastic Cloud | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Elastic Cloud Enterprise | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Elastic Cloud Enterprise | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Elastic Cloud on Kubernetes | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Elastic Endgame | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Elastic Maps Service | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Elasticsearch | 5, 6, 8 | | Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Endpoint Security | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Enterprise Search | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Fleet Server | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Kibana | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Logstash | <6.8.21, <7.16.1 | | Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Machine Learning | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Elastic | Swiftype | | | Unknown | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| ElasticSearch | all products | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Ellucian | Admin | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Banner Analytics | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Banner Document Management (includes Banner Document Retention) | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Banner Event Publisher | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Banner Integration for eLearning | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Banner Integration for eProcurement | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Banner Self Service | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Banner Workflow | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Colleague | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | On-prem and cloud deployements expect fixed 12/18/2021 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Colleague Analytics | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | CRM Advance | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | CRM Advise | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | CRM Recruit | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Advance Web Connector | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Data Access | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Design Path | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Ellucian Portal | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian ePrint | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Ethos API & API Management Center | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Ethos Extend | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Ethos Integration | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian eTranscripts | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Experience | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Intelligent Platform (ILP) | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian International Student and Scholar Management (ISSM) | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Message Service (EMS) | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Messaging Adapter (EMA) | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Mobile | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Payment Gateway | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian PowerCampus | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Solution Manager | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Ellucian Workflow | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Ellucian | Enterprise Identity Services(BEIS) | | | Unknown | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 148 Temperature Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 2051 Pressure Transmitter Family | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 2088 Pressure Transmitter Family | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 2090F/2090P Pressure Transmitters | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 215 Pressure Sensor Module | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 248 Configuration Application | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 248 Temperature Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 3051 & 3051S Pressure transmitter families | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 3144P Temperature Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 326P Pressure Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 326T Temperature Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 327T Temperature Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 4088 Pressure Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 4088 Upgrade Utility | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 4600 Pressure Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 4732 Endeavor | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 4732 Endeavor | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 550 PT Pressure Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 5726 Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 5726 Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 644 Temperature Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 648 Temperature Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | 848T Temperature Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Combustion: OCX OXT 6888 CX1100 6888Xi | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | CT2211 QCL Aerosol Microleak Detection System | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | CT3000 QCL Automotive OEM Gas Analyzer | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | CT4000 QCL Marine OEM Gas Analyzer | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | CT4215 QCL Packaging Leak Detection System | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | CT4400 QCL General Purpose Continuous Gas Analyzer | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | CT4404 QCL pMDI Leak Detection Analyzer | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | CT5100 QCL Field Housing Continuous Gas Analyzer | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | CT5400 QCL General Purpose Continuous Gas Analyzer | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | CT5800 QCL Flameproof Housing Continuous Gas Analyzer | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | DHNC1 DHNC2 | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | DHNC1 DHNC2 | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Emerson Aperio software | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Engineering Assistant 5.x & 6.x | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Fieldwatch and Service consoles | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Fieldwatch and Service consoles | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Flame Detection: 975UF & 975UR Infrared Flame Detectors 975HR Infrared Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Flarecheck FlowCheck Flowel & PWAM software | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Flarecheck FlowCheck Flowel & PWAM software | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD) | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD) | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020 | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020 | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle Monitor | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle Monitor | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Incus Ultrasonic gas leak detector | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | K-Series Coriolis Transmitters | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | K-Series Coriolis Transmitters | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Liquid Transmitters: 5081 1066 1056 1057 56 | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Mark III Gas and Liquid USM | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Mark III Gas and Liquid USM | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | MPFM2600 & MPFM5726 | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | MPFM2600 & MPFM5726 | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Plantweb Advisor for Metrology and Metering Suite SDK | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Plantweb Advisor for Metrology and Metering Suite SDK | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Prolink Configuration Software | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Prolink Configuration Software | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Prolink Mobile Application & ProcessViz Software | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Prolink Mobile Application & ProcessViz Software | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount 2230 Graphical Field Display | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount 2240S Multi-input Temperature Transmitter | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount 2410 Tank Hub | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount 2460 System Hub | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount 3490 Controller | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount CMS/IOU 61 | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount CMS/SCU 51/SCC | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount CMS/WSU 51/SWF 51 | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount IO-Link Assistant | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount Level Detectors (21xx) | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount Level Transmitters (14xx 33xx 53xx 54xx 56xx) | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount Radar Configuration Tool | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount Radar Level Gauges (Pro 39xx 59xx) | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount RadarMaster and RadarMaster Plus | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount Tank Radar Gauges (TGUxx) | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Rosemount TankMaster and TankMaster Mobile | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Spectrex family Flame Detectors and Rosemount 975 flame detector | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | USM 3410 and 3810 Series Ultrasonic Transmitters | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | USM 3410 and 3810 Series Ultrasonic Transmitters | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Vortex and Magmeter Transmitters | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | Vortex and Magmeter Transmitters | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | WCM SWGM | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Emerson | WCM SWGM | | | Unknown | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| EnterpriseDT | | | | Unknown | [link](https://enterprisedt.com/blogs/announcements/enterprisedt-does-not-use-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ESET | | | | Unknown | [link](https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| EasyRedmine | All | | | Unknown | [link](https://www.easyredmine.com/news/easy-redmine-application-is-not-affected-by-the-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Eaton | All | | | Unknown | [link](https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Security-Bulletin%20log4j_CVE_2021_44228_v1.0_Legal-Approved.pdf) | For security purposes direct notifications are being made to impacted customers. Please stay tuned for more updates. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| EclecticIQ | TIP | < 2.11 | | Affected | [link](https://docs.eclecticiq.com/security-advisories/security-issues-and-mitigation-actions/eiq-2021-0016-2) | This advisory is available to customer only and has not been reviewed by CISA. The Threat Intel Platform includes Neo4j 3.5.12 (not vulnerable) and Elasticsearch and Logstash OSS 7.9.1 (vulnerable) see Elasticsearch below for mitigation. See link in their own fix for Logstash (Support account needed, ongoing investigation) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Eclipse Foundation | All | | | Unknown | [link](https://wiki.eclipse.org/Eclipse_and_log4j2_vulnerability_(CVE-2021-44228)) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Edwards | All | | | Not Affected | [link](https://www.edwards.com/devices/support/product-security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | +| EFI | All | | | Unknown | [link](https://communities.efi.com/s/article/Are-Fiery-Servers-vulnerable-to-CVE-2021-44228-Apache-Log4j2?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| eG Innovations | eG Enterprise | | | Not Affected | [link](https://www.eginnovations.com/brochures/eGEnterprise-and-Log4jShell-Vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-06 | +| EGroupware | All | | | Unknown | [link](https://help.egroupware.org/t/uk-de-statement-log4j-log4shell/76430) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Elastic | APM Java Agent | | 1.17.0 - 1.28.0 | Fixed | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | Only vulnerable with specific configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | APM Server | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Beats | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Cmd | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Elastic Agent | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Elastic Cloud | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Elastic Cloud Enterprise | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Elastic Cloud on Kubernetes | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Elastic Endgame | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Elastic Maps Service | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Elasticsearch | | 7.16.2 | Fixed | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Endpoint Security | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Enterprise Search | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Fleet Server | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Kibana | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Logstash | | 6.8.22 | Fixed | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Machine Learning | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Elastic | Swiftype | | | Not Affected | [link](https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Ellucian | Admin | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Banner Analytics | | | Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Banner Document Management (includes Banner Document Retention) | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Banner Event Publisher | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Banner Integration for eLearning | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Banner Integration for eProcurement | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Banner Self Service | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Banner Workflow | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Colleague | | | Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | On-prem and cloud deployements expect fixed 12/18/2021 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Colleague Analytics | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | CRM Advance | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | CRM Advise | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | CRM Recruit | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Advance Web Connector | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Data Access | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Design Path | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian ePrint | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Ethos API & API Management Center | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Ethos Extend | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Ethos Integration | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian eTranscripts | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Experience | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Intelligent Platform (ILP) | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian International Student and Scholar Management (ISSM) | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Message Service (EMS) | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Messaging Adapter (EMA) | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Mobile | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Payment Gateway | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Portal | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian PowerCampus | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Solution Manager | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Ellucian Workflow | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Ellucian | Enterprise Identity Services (BEIS) | | | Not Affected | [link](https://www.ellucian.com/news/ellucian-response-apache-log4j-issue) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 148 Temperature Transmitter | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 2051 Pressure Transmitter Family | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 2088 Pressure Transmitter Family | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 2090F/2090P Pressure Transmitters | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 215 Pressure Sensor Module | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 248 Configuration Application | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 248 Temperature Transmitter | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 3051 & 3051S Pressure transmitter families | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 3144P Temperature Transmitter | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 326P Pressure Transmitter | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 326T Temperature Transmitter | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 327T Temperature Transmitter | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 4088 Pressure Transmitter | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 4088 Upgrade Utility | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 4600 Pressure Transmitter | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 4732 Endeavor | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 550 PT Pressure Transmitter | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 5726 Transmitter | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 644 Temperature Transmitter | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 648 Temperature Transmitter | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | 848T Temperature Transmitter | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Combustion - OCX OXT 6888 CX1100 6888Xi | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | CT2211 QCL Aerosol Microleak Detection System | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | CT3000 QCL Automotive OEM Gas Analyzer | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | CT4000 QCL Marine OEM Gas Analyzer | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | CT4215 QCL Packaging Leak Detection System | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | CT4400 QCL General Purpose Continuous Gas Analyzer | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | CT4404 QCL pMDI Leak Detection Analyzer | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | CT5100 QCL Field Housing Continuous Gas Analyzer | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | CT5400 QCL General Purpose Continuous Gas Analyzer | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | CT5800 QCL Flameproof Housing Continuous Gas Analyzer | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | DHNC1 DHNC2 | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | DHNC1 DHNC2 | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Emerson Aperio software | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Engineering Assistant | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Fieldwatch and Service consoles | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Fieldwatch and Service consoles | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Flame Detection - 975UF & 975UR Infrared Flame Detectors 975HR Infrared Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Flarecheck FlowCheck Flowel & PWAM software | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Flarecheck FlowCheck Flowel & PWAM software | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Gas Analysis - X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD) | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Gas Chromatographs - M500/2350A MON2000 700XA/1500XA 370XA MON2020 | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Gas Detection - Millennium II Basic Single & Dual Channel 928 Wireless Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle Monitor | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Incus Ultrasonic gas leak detector | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | K-Series Coriolis Transmitters | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Liquid Transmitters - 5081 1066 1056 1057 56' | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Mark III Gas and Liquid USM | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | MPFM2600 & MPFM5726 | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Plantweb Advisor for Metrology and Metering Suite SDK | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Prolink Configuration Software | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Prolink Mobile Application & ProcessViz Software | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount 2230 Graphical Field Display | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount 2240S Multi-input Temperature Transmitter | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount 2410 Tank Hub | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount 2460 System Hub | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount 3490 Controller | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount CMS/IOU 61 | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount CMS/SCU 51/SCC | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount CMS/WSU 51/SWF 51 | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount IO-Link Assistant | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount Level Detectors (21xx) | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount Level Transmitters (14xx 33xx 53xx 54xx 56xx) | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount Radar Configuration Tool | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount Radar Level Gauges (Pro 39xx 59xx) | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount RadarMaster | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount RadarMaster Plus | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount Tank Radar Gauges (TGUxx) | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount TankMaster | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Rosemount TankMaster Mobile | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Spectrex family Flame Detectors and Rosemount 975 flame detector | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | USM 3410 and 3810 Series Ultrasonic Transmitters | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | USM 3410 and 3810 Series Ultrasonic Transmitters | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | Vortex and Magmeter Transmitters | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Emerson | WCM SWGM | | | Not Affected | [link](https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Enfocus | BoardingPass | | | Not Affected | [link](https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Enfocus | Connect | | | Not Affected | [link](https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Enfocus | PDF Review Module | | | Not Affected | [link](https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Enfocus | PitStop | | | Not Affected | [link](https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Enfocus | Switch | | | Not Affected | [link](https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Enovation | All | | | Unknown | [link](https://enovationgroup.com/nl/nieuws/log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| EnterpriseDT | All | | | Unknown | [link](https://enterprisedt.com/blogs/announcements/enterprisedt-does-not-use-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ESET | All | | | Not Affected | [link](https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ESET | Secure Authentication | | | Fixed | [link](https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ESRI | ArcGIS Data Store | | All | Fixed | [link](https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/) | Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | ESRI | ArcGIS Enterprise | | All | Fixed | [link](https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/) | Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | ESRI | ArcGIS GeoEvent Server | | All | Fixed | [link](https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/) | Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | ESRI | ArcGIS Server | | All | Fixed | [link](https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/) | Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | ESRI | ArcGIS Workflow Manager Server | | All | Fixed | [link](https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/) | Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | ESRI | Portal for ArcGIS | | All | Fixed | [link](https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/) | Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Estos | | | | Unknown | [link](https://support.estos.de/de/sicherheitshinweise/estos-von-kritischer-schwachstelle-in-log4j-cve-2021-44228-nicht-betroffen) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Evolveum Midpoint | | | | Unknown | [link](https://evolveum.com/midpoint-not-vulnerable-to-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Estos | All | | | Not Affected | [link](https://support.estos.de/de/sicherheitshinweise/estos-von-kritischer-schwachstelle-in-log4j-cve-2021-44228-nicht-betroffen) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| EVL Labs | JGAAP | | <8.0.2 | Fixed | [link](https://github.com/evllabs/JGAAP/releases/tag/v8.0.2) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Evolveum Midpoint | Midpoint | | | Not Affected | [link](https://evolveum.com/midpoint-not-vulnerable-to-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Ewon | All | | | Not Affected | [link](https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/release-notes/ecatcher_releasenotes.txt?sfvrsn=4f054ad7_42) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | -| Exabeam | | | | Unknown | [link](https://community.exabeam.com/s/discussions?t=1639379479381) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Exact | | | | Unknown | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Exivity | | | | Unknown | [link](https://docs.exivity.com/getting-started/releases/announcements#announcement-regarding-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ewon | eCatcher | | 6.7.6 | Fixed | [link](https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/release-notes/ecatcher_releasenotes.txt?sfvrsn=4f054ad7_42) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | +| Exabeam | All | | | Unknown | [link](https://community.exabeam.com/s/discussions?t=1639379479381) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | AEC | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Audition | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | BoekhoudGemak | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Bouw7 | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Business Suite | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | CommunicatieGemak | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Consolidation powered by LucaNet | | | Fixed | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Digipoort | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | DigitaleFactuur | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Dimoni | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | EDI Gateway | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | FDS | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Financials | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | FiscaalGemak | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Globe Core Product | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Globe E-report/Crystal Reports | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Go2UBL | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Gripp | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | HR & SalarisGemak | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Insights (Qlik) | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Officient | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Online All core products | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Online Elastic Search | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Online Samenwerken (OSW) | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Payroll Plus (Loket) | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | ProAcc | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | ProQuro | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | RapportageGemak | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Reeleezee | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | ScanSys | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | SRXP | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Synergy Core Product | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Synergy Elastic Search | | 6.6.2 | Fixed | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | WerkprogrammaGemak | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | Winbooks | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exact | WMS | | | Not Affected | [link](https://www.exact.com/news/general-statement-apache-leak) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Exivity | On-Premise | | | Not Affected | [link](https://docs.exivity.com/getting-started/releases/announcements#announcement-regarding-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extensis | Universal Type Server | | >=7.0.6 | Fixed | [link](https://help.extensis.com/hc/en-us/articles/4412767414299-Universal-Type-Server-7-and-Log4j-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | ExtraHop | Reveal(x) | <=8.4.6, <=8.5.3, <=8.6.4 | | Affected | [link](https://forums.extrahop.com/t/extrahop-update-on-log4shell/8148) | Versions >8.4.7, >8.5.4, >8.6.5 and >=8.7 are fixed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| eXtreme Hosting | | | | Unknown | [link](https://extremehosting.nl/log4shell-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Extreme Networks | | | | Unknown | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Extron | | | | Unknown | [link](https://www.extron.com/featured/Security-at-Extron/extron-security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| eXtreme Hosting | All | | | Not Affected | [link](https://extremehosting.nl/log4shell-log4j/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | 200-series | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | BOSS | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | EXOS | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | Extreme AirDefense | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | Extreme Campus Controller (Extreme Cloud Appliance) | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | Extreme Fabric Automation (EFA) | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | Extreme Management Center (XMC) | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | Extreme Visibility Manager (XVM) | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | ExtremeAnalytics | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | ExtremeCloud A3 | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | ExtremeCloud IQ | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | ExtremeConnect | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | ExtremeControl | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | ExtremeGuest | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | ExtremeLocation | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | ExtremeWireless (IdentiFi) | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | Fabric Manager | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | Guest and IoT Manager (GIM) | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | HiveManager Classic On-Premises | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | HiveManager Classic Online | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | Ipanema Ip | Engine | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | Ipanema SALSA | | 9.3.8, 9.4.3 | Fixed | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | Ipanema SD-WAN Orchestrator | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | IQEngine (HiveOS) | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | IQVA | | 21.1.22.1-IQVA | Fixed | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | NetIron OS | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | Network OS | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | NSight | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | SLX-OS | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | Traffic Sensor | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | VGVA | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | VOSS | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extreme Networks | WiNG | | | Not Affected | [link](https://extremeportal.force.com/ExtrArticleDetail?an=000100806) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Extron | All | | | Unknown | [link](https://www.extron.com/featured/Security-at-Extron/extron-security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | F-Secure | Elements Connector | | | Fixed | [link](https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | F-Secure | Endpoint Proxy | | 13 through 15 | Fixed | [link](https://status.f-secure.com/incidents/sk8vmr0h34pd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | F-Secure | Messaging Security Gateway | | | Fixed | [link](https://community.f-secure.com/common-business-en/kb/articles/9226-the-log4j-vulnerability-cve-2021-44228-which-f-secure-products-are-affected-what-it-means-what-steps-should-you-take) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 08cb0c2..54e5782 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -30015,7 +30015,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: EasyRedmine - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -30044,7 +30044,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Eaton - product: Undisclosed + product: All cves: cve-2021-4104: investigated: false @@ -30052,9 +30052,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Undisclosed + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -30069,14 +30068,13 @@ software: unaffected_versions: [] vendor_links: - https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Security-Bulletin%20log4j_CVE_2021_44228_v1.0_Legal-Approved.pdf - notes: Doesn't openly disclose what products are affected or not for quote 'security - purposes'. Needs email registration. No workaround provided due to registration - wall. + notes: For security purposes direct notifications are being made to impacted customers. Please + stay tuned for more updates. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: EclecticIQ - product: '' + product: TIP cves: cve-2021-4104: investigated: false @@ -30084,8 +30082,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - < 2.11 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -30100,12 +30099,15 @@ software: unaffected_versions: [] vendor_links: - https://docs.eclecticiq.com/security-advisories/security-issues-and-mitigation-actions/eiq-2021-0016-2 - notes: '' + notes: This advisory is available to customer only and has not been reviewed by + CISA. The Threat Intel Platform includes Neo4j 3.5.12 (not vulnerable) and Elasticsearch + and Logstash OSS 7.9.1 (vulnerable) see Elasticsearch below for mitigation. + See link in their own fix for Logstash (Support account needed, ongoing investigation) references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Eclipse Foundation - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -30134,7 +30136,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Edwards - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -30142,10 +30144,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -30163,7 +30166,7 @@ software: - '' last_updated: '2022-01-06T00:00:00' - vendor: EFI - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -30191,8 +30194,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: EGroupware - product: '' + - vendor: eG Innovations + product: eG Enterprise cves: cve-2021-4104: investigated: false @@ -30200,10 +30203,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 7.1.8 - 7.1.9 cve-2021-45046: investigated: false affected_versions: [] @@ -30215,13 +30219,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.egroupware.org/t/uk-de-statement-log4j-log4shell/76430 + - https://www.eginnovations.com/brochures/eGEnterprise-and-Log4jShell-Vulnerability.pdf notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Elastic - product: APM Java Agent + last_updated: '2022-01-06T00:00:00' + - vendor: EGroupware + product: All cves: cve-2021-4104: investigated: false @@ -30244,13 +30248,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 + - https://help.egroupware.org/t/uk-de-statement-log4j-log4shell/76430 notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Elastic - product: APM Server + product: APM Java Agent cves: cve-2021-4104: investigated: false @@ -30258,9 +30262,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 1.17.0 - 1.28.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -30274,12 +30279,12 @@ software: unaffected_versions: [] vendor_links: - https://discuss.elastic.co/t/apache-log4j2-remote-code-execution-rce-vulnerability-cve-2021-44228-esa-2021-31/291476 - notes: '' + notes: Only vulnerable with specific configuration. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Beats + product: APM Server cves: cve-2021-4104: investigated: false @@ -30287,10 +30292,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -30308,7 +30314,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Cmd + product: Beats cves: cve-2021-4104: investigated: false @@ -30316,10 +30322,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -30337,7 +30344,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Elastic Agent + product: Cmd cves: cve-2021-4104: investigated: false @@ -30345,10 +30352,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -30366,7 +30374,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Elastic Cloud + product: Elastic Agent cves: cve-2021-4104: investigated: false @@ -30374,10 +30382,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -30395,7 +30404,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: Elastic - product: Elastic Cloud Enterprise + product: Elastic Cloud cves: cve-2021-4104: investigated: false @@ -30403,10 +30412,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -30432,10 +30442,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -30461,10 +30472,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -30490,10 +30502,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -30519,10 +30532,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -30549,11 +30563,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '5' - - '6' - - '8' - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 7.16.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -30580,10 +30592,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -30609,10 +30622,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -30638,10 +30652,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -30667,10 +30682,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -30697,10 +30713,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <6.8.21 - - <7.16.1 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 6.8.22 unaffected_versions: [] cve-2021-45046: investigated: false @@ -30727,10 +30742,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -30756,10 +30772,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -30776,34 +30793,6 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' - - vendor: ElasticSearch - product: all products - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: [] - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ellucian product: Admin cves: @@ -30813,10 +30802,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -30842,8 +30832,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -30871,10 +30862,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -30900,10 +30892,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -30929,10 +30922,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -30958,10 +30952,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -30987,10 +30982,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31016,10 +31012,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31045,8 +31042,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -31074,10 +31072,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31103,10 +31102,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31132,10 +31132,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31161,10 +31162,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31190,10 +31192,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31219,10 +31222,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31248,10 +31252,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31269,7 +31274,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Ellucian Portal + product: Ellucian ePrint cves: cve-2021-4104: investigated: false @@ -31277,11 +31282,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] @@ -31298,7 +31304,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian ePrint + product: Ellucian Ethos API & API Management Center cves: cve-2021-4104: investigated: false @@ -31306,10 +31312,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31327,7 +31334,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Ethos API & API Management Center + product: Ellucian Ethos Extend cves: cve-2021-4104: investigated: false @@ -31335,10 +31342,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31356,7 +31364,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Ethos Extend + product: Ellucian Ethos Integration cves: cve-2021-4104: investigated: false @@ -31364,10 +31372,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31385,7 +31394,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Ethos Integration + product: Ellucian eTranscripts cves: cve-2021-4104: investigated: false @@ -31393,10 +31402,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31414,7 +31424,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian eTranscripts + product: Ellucian Experience cves: cve-2021-4104: investigated: false @@ -31422,10 +31432,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31443,7 +31454,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Experience + product: Ellucian Intelligent Platform (ILP) cves: cve-2021-4104: investigated: false @@ -31451,10 +31462,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31472,7 +31484,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Intelligent Platform (ILP) + product: Ellucian International Student and Scholar Management (ISSM) cves: cve-2021-4104: investigated: false @@ -31480,10 +31492,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31501,7 +31514,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian International Student and Scholar Management (ISSM) + product: Ellucian Message Service (EMS) cves: cve-2021-4104: investigated: false @@ -31509,10 +31522,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31530,7 +31544,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Message Service (EMS) + product: Ellucian Messaging Adapter (EMA) cves: cve-2021-4104: investigated: false @@ -31538,10 +31552,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31559,7 +31574,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Messaging Adapter (EMA) + product: Ellucian Mobile cves: cve-2021-4104: investigated: false @@ -31567,10 +31582,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31588,7 +31604,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Mobile + product: Ellucian Payment Gateway cves: cve-2021-4104: investigated: false @@ -31596,10 +31612,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31617,7 +31634,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Payment Gateway + product: Ellucian Portal cves: cve-2021-4104: investigated: false @@ -31625,10 +31642,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31654,10 +31672,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31683,10 +31702,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31712,10 +31732,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31733,7 +31754,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Enterprise Identity Services(BEIS) + product: Enterprise Identity Services (BEIS) cves: cve-2021-4104: investigated: false @@ -31741,10 +31762,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31770,10 +31792,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31799,10 +31822,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31828,10 +31852,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31857,10 +31882,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31886,10 +31912,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31915,10 +31942,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31944,10 +31972,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -31973,10 +32002,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32002,10 +32032,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32031,10 +32062,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32060,10 +32092,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32089,10 +32122,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32118,10 +32152,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32147,10 +32182,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32176,10 +32212,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32205,10 +32242,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32226,7 +32264,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 4732 Endeavor + product: 550 PT Pressure Transmitter cves: cve-2021-4104: investigated: false @@ -32234,10 +32272,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32255,7 +32294,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 550 PT Pressure Transmitter + product: 5726 Transmitter cves: cve-2021-4104: investigated: false @@ -32263,10 +32302,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32284,7 +32324,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 5726 Transmitter + product: 644 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -32292,10 +32332,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32313,7 +32354,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 5726 Transmitter + product: 648 Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -32321,10 +32362,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32342,7 +32384,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 644 Temperature Transmitter + product: 848T Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -32350,10 +32392,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32371,7 +32414,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 648 Temperature Transmitter + product: Combustion - OCX OXT 6888 CX1100 6888Xi cves: cve-2021-4104: investigated: false @@ -32379,10 +32422,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32400,7 +32444,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 848T Temperature Transmitter + product: CT2211 QCL Aerosol Microleak Detection System cves: cve-2021-4104: investigated: false @@ -32408,10 +32452,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32429,7 +32474,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Combustion: OCX OXT 6888 CX1100 6888Xi' + product: CT3000 QCL Automotive OEM Gas Analyzer cves: cve-2021-4104: investigated: false @@ -32437,10 +32482,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32458,7 +32504,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT2211 QCL Aerosol Microleak Detection System + product: CT4000 QCL Marine OEM Gas Analyzer cves: cve-2021-4104: investigated: false @@ -32466,10 +32512,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32487,7 +32534,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT3000 QCL Automotive OEM Gas Analyzer + product: CT4215 QCL Packaging Leak Detection System cves: cve-2021-4104: investigated: false @@ -32495,10 +32542,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32516,7 +32564,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT4000 QCL Marine OEM Gas Analyzer + product: CT4400 QCL General Purpose Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -32524,10 +32572,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32545,7 +32594,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT4215 QCL Packaging Leak Detection System + product: CT4404 QCL pMDI Leak Detection Analyzer cves: cve-2021-4104: investigated: false @@ -32553,10 +32602,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32574,7 +32624,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT4400 QCL General Purpose Continuous Gas Analyzer + product: CT5100 QCL Field Housing Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -32582,10 +32632,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32603,7 +32654,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT4404 QCL pMDI Leak Detection Analyzer + product: CT5400 QCL General Purpose Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -32611,10 +32662,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32632,7 +32684,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT5100 QCL Field Housing Continuous Gas Analyzer + product: CT5800 QCL Flameproof Housing Continuous Gas Analyzer cves: cve-2021-4104: investigated: false @@ -32640,10 +32692,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32661,7 +32714,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT5400 QCL General Purpose Continuous Gas Analyzer + product: DHNC1 DHNC2 cves: cve-2021-4104: investigated: false @@ -32669,10 +32722,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32690,7 +32744,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: CT5800 QCL Flameproof Housing Continuous Gas Analyzer + product: DHNC1 DHNC2 cves: cve-2021-4104: investigated: false @@ -32698,10 +32752,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32719,7 +32774,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: DHNC1 DHNC2 + product: Emerson Aperio software cves: cve-2021-4104: investigated: false @@ -32727,10 +32782,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32748,7 +32804,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: DHNC1 DHNC2 + product: Engineering Assistant cves: cve-2021-4104: investigated: false @@ -32756,10 +32812,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 5.x + - 6.x cve-2021-45046: investigated: false affected_versions: [] @@ -32777,7 +32835,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Emerson Aperio software + product: Fieldwatch and Service consoles cves: cve-2021-4104: investigated: false @@ -32785,10 +32843,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32806,7 +32865,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Engineering Assistant 5.x & 6.x + product: Fieldwatch and Service consoles cves: cve-2021-4104: investigated: false @@ -32814,10 +32873,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32835,7 +32895,8 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Fieldwatch and Service consoles + product: Flame Detection - 975UF & 975UR Infrared Flame Detectors 975HR Infrared + Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector cves: cve-2021-4104: investigated: false @@ -32843,10 +32904,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32864,7 +32926,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Fieldwatch and Service consoles + product: Flarecheck FlowCheck Flowel & PWAM software cves: cve-2021-4104: investigated: false @@ -32872,10 +32934,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32893,8 +32956,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Flame Detection: 975UF & 975UR Infrared Flame Detectors 975HR Infrared - Hydrogen Flame Detector 975MR Multi-Spectrum Infrared Flame Detector' + product: Flarecheck FlowCheck Flowel & PWAM software cves: cve-2021-4104: investigated: false @@ -32902,10 +32964,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32923,7 +32986,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Flarecheck FlowCheck Flowel & PWAM software + product: Gas Analysis - X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD) cves: cve-2021-4104: investigated: false @@ -32931,10 +32994,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32952,7 +33016,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Flarecheck FlowCheck Flowel & PWAM software + product: Gas Chromatographs - M500/2350A MON2000 700XA/1500XA 370XA MON2020 cves: cve-2021-4104: investigated: false @@ -32960,10 +33024,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -32981,7 +33046,9 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' + product: Gas Detection - Millennium II Basic Single & Dual Channel 928 Wireless + Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle + Monitor cves: cve-2021-4104: investigated: false @@ -32989,10 +33056,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33010,7 +33078,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Analysis: X-STREAM Enhanced (XEGP XEGK XEGC XEGF XEFD XECLD)' + product: Incus Ultrasonic gas leak detector cves: cve-2021-4104: investigated: false @@ -33018,10 +33086,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33039,7 +33108,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' + product: K-Series Coriolis Transmitters cves: cve-2021-4104: investigated: false @@ -33047,10 +33116,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33068,7 +33138,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Chromatographs: M500/2350A MON2000 700XA/1500XA 370XA MON2020' + product: Liquid Transmitters - 5081 1066 1056 1057 56' cves: cve-2021-4104: investigated: false @@ -33076,10 +33146,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33097,9 +33168,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless - Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle - Monitor' + product: Mark III Gas and Liquid USM cves: cve-2021-4104: investigated: false @@ -33107,10 +33176,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33128,9 +33198,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Gas Detection: Millennium II Basic Single & Dual Channel 928 Wireless - Gas Monitor/628 Gas Sensor 935 & 936 Open Path Gas Detector Millennium Air Particle - Monitor' + product: MPFM2600 & MPFM5726 cves: cve-2021-4104: investigated: false @@ -33138,10 +33206,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33159,7 +33228,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Incus Ultrasonic gas leak detector + product: Plantweb Advisor for Metrology and Metering Suite SDK cves: cve-2021-4104: investigated: false @@ -33167,10 +33236,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33188,7 +33258,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: K-Series Coriolis Transmitters + product: Prolink Configuration Software cves: cve-2021-4104: investigated: false @@ -33196,10 +33266,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33217,7 +33288,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: K-Series Coriolis Transmitters + product: Prolink Mobile Application & ProcessViz Software cves: cve-2021-4104: investigated: false @@ -33225,10 +33296,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33246,7 +33318,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: 'Liquid Transmitters: 5081 1066 1056 1057 56' + product: Rosemount 2230 Graphical Field Display cves: cve-2021-4104: investigated: false @@ -33254,10 +33326,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33275,7 +33348,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Mark III Gas and Liquid USM + product: Rosemount 2240S Multi-input Temperature Transmitter cves: cve-2021-4104: investigated: false @@ -33283,10 +33356,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33304,7 +33378,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Mark III Gas and Liquid USM + product: Rosemount 2410 Tank Hub cves: cve-2021-4104: investigated: false @@ -33312,10 +33386,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33333,7 +33408,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: MPFM2600 & MPFM5726 + product: Rosemount 2460 System Hub cves: cve-2021-4104: investigated: false @@ -33341,10 +33416,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33362,7 +33438,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: MPFM2600 & MPFM5726 + product: Rosemount 3490 Controller cves: cve-2021-4104: investigated: false @@ -33370,10 +33446,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33391,7 +33468,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Plantweb Advisor for Metrology and Metering Suite SDK + product: Rosemount CMS/IOU 61 cves: cve-2021-4104: investigated: false @@ -33399,10 +33476,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33420,7 +33498,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Plantweb Advisor for Metrology and Metering Suite SDK + product: Rosemount CMS/SCU 51/SCC cves: cve-2021-4104: investigated: false @@ -33428,10 +33506,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33449,7 +33528,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Configuration Software + product: Rosemount CMS/WSU 51/SWF 51 cves: cve-2021-4104: investigated: false @@ -33457,10 +33536,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33478,7 +33558,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Configuration Software + product: Rosemount IO-Link Assistant cves: cve-2021-4104: investigated: false @@ -33486,10 +33566,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33507,7 +33588,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Mobile Application & ProcessViz Software + product: Rosemount Level Detectors (21xx) cves: cve-2021-4104: investigated: false @@ -33515,10 +33596,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33536,7 +33618,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Prolink Mobile Application & ProcessViz Software + product: Rosemount Level Transmitters (14xx 33xx 53xx 54xx 56xx) cves: cve-2021-4104: investigated: false @@ -33544,10 +33626,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33565,7 +33648,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 2230 Graphical Field Display + product: Rosemount Radar Configuration Tool cves: cve-2021-4104: investigated: false @@ -33573,10 +33656,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33594,7 +33678,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 2240S Multi-input Temperature Transmitter + product: Rosemount Radar Level Gauges (Pro 39xx 59xx) cves: cve-2021-4104: investigated: false @@ -33602,10 +33686,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33623,7 +33708,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 2410 Tank Hub + product: Rosemount RadarMaster cves: cve-2021-4104: investigated: false @@ -33631,10 +33716,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33652,7 +33738,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 2460 System Hub + product: Rosemount RadarMaster Plus cves: cve-2021-4104: investigated: false @@ -33660,10 +33746,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33681,7 +33768,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount 3490 Controller + product: Rosemount Tank Radar Gauges (TGUxx) cves: cve-2021-4104: investigated: false @@ -33689,10 +33776,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33710,7 +33798,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount CMS/IOU 61 + product: Rosemount TankMaster cves: cve-2021-4104: investigated: false @@ -33718,10 +33806,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33739,7 +33828,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount CMS/SCU 51/SCC + product: Rosemount TankMaster Mobile cves: cve-2021-4104: investigated: false @@ -33747,10 +33836,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33768,7 +33858,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount CMS/WSU 51/SWF 51 + product: Spectrex family Flame Detectors and Rosemount 975 flame detector cves: cve-2021-4104: investigated: false @@ -33776,10 +33866,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33797,7 +33888,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount IO-Link Assistant + product: USM 3410 and 3810 Series Ultrasonic Transmitters cves: cve-2021-4104: investigated: false @@ -33805,10 +33896,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33826,7 +33918,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Level Detectors (21xx) + product: USM 3410 and 3810 Series Ultrasonic Transmitters cves: cve-2021-4104: investigated: false @@ -33834,10 +33926,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33855,7 +33948,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Level Transmitters (14xx 33xx 53xx 54xx 56xx) + product: Vortex and Magmeter Transmitters cves: cve-2021-4104: investigated: false @@ -33863,10 +33956,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33884,7 +33978,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Emerson - product: Rosemount Radar Configuration Tool + product: WCM SWGM cves: cve-2021-4104: investigated: false @@ -33892,10 +33986,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33912,8 +34007,8 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount Radar Level Gauges (Pro 39xx 59xx) + - vendor: Enfocus + product: BoardingPass cves: cve-2021-4104: investigated: false @@ -33921,10 +34016,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -33936,13 +34032,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount RadarMaster and RadarMaster Plus + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Enfocus + product: Connect cves: cve-2021-4104: investigated: false @@ -33950,10 +34046,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -33965,13 +34062,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount Tank Radar Gauges (TGUxx) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Enfocus + product: PDF Review Module cves: cve-2021-4104: investigated: false @@ -33979,10 +34076,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -33994,13 +34092,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Rosemount TankMaster and TankMaster Mobile + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Enfocus + product: PitStop cves: cve-2021-4104: investigated: false @@ -34008,10 +34106,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34023,13 +34122,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Spectrex family Flame Detectors and Rosemount 975 flame detector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Enfocus + product: Switch cves: cve-2021-4104: investigated: false @@ -34037,10 +34136,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34052,13 +34152,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://enfocus-community.force.com/customers/s/article/Are-the-Enfocus-products-impacted-by-the-log4j-security-vulnerability?language=en_US notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: USM 3410 and 3810 Series Ultrasonic Transmitters + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Enovation + product: All cves: cve-2021-4104: investigated: false @@ -34081,13 +34181,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://enovationgroup.com/nl/nieuws/log4j-vulnerability-cve-2021-44228/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: USM 3410 and 3810 Series Ultrasonic Transmitters + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: EnterpriseDT + product: All cves: cve-2021-4104: investigated: false @@ -34110,13 +34210,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://enterprisedt.com/blogs/announcements/enterprisedt-does-not-use-log4j/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Vortex and Magmeter Transmitters + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ESET + product: All cves: cve-2021-4104: investigated: false @@ -34124,10 +34224,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -34139,13 +34240,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: Vortex and Magmeter Transmitters + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ESET + product: Secure Authentication cves: cve-2021-4104: investigated: false @@ -34153,9 +34254,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -34168,13 +34270,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf + - https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: WCM SWGM + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ESRI + product: ArcGIS Data Store cves: cve-2021-4104: investigated: false @@ -34182,9 +34284,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -34197,13 +34300,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf - notes: '' + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: Emerson - product: WCM SWGM + - vendor: ESRI + product: ArcGIS Enterprise cves: cve-2021-4104: investigated: false @@ -34211,9 +34315,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -34226,13 +34331,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.emerson.com/documents/automation/emerson-cyber-security-notification-en-7881618.pdf - notes: '' + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: EnterpriseDT - product: '' + - vendor: ESRI + product: ArcGIS GeoEvent Server cves: cve-2021-4104: investigated: false @@ -34240,9 +34346,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -34255,13 +34362,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://enterprisedt.com/blogs/announcements/enterprisedt-does-not-use-log4j/ - notes: '' + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ESET - product: '' + last_updated: '2021-12-17T00:00:00' + - vendor: ESRI + product: ArcGIS Server cves: cve-2021-4104: investigated: false @@ -34269,9 +34377,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -34284,13 +34393,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.eset.com/en/alert8188-information-regarding-the-log4j2-vulnerability - notes: '' + - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ + notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup + class, but has not issued patches to upgrade the Log4j versions references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-17T00:00:00' - vendor: ESRI - product: ArcGIS Data Store + product: ArcGIS Workflow Manager Server cves: cve-2021-4104: investigated: false @@ -34321,7 +34431,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: ESRI - product: ArcGIS Enterprise + product: Portal for ArcGIS cves: cve-2021-4104: investigated: false @@ -34351,8 +34461,8 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: ArcGIS GeoEvent Server + - vendor: Estos + product: All cves: cve-2021-4104: investigated: false @@ -34362,9 +34472,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -34376,14 +34486,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions + - https://support.estos.de/de/sicherheitshinweise/estos-von-kritischer-schwachstelle-in-log4j-cve-2021-44228-nicht-betroffen + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: ArcGIS Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: EVL Labs + product: JGAAP cves: cve-2021-4104: investigated: false @@ -34394,7 +34503,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - All + - <8.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -34407,14 +34516,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions + - https://github.com/evllabs/JGAAP/releases/tag/v8.0.2 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: ArcGIS Workflow Manager Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Evolveum Midpoint + product: Midpoint cves: cve-2021-4104: investigated: false @@ -34424,9 +34532,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -34438,14 +34546,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions + - https://evolveum.com/midpoint-not-vulnerable-to-log4shell/ + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: ESRI - product: Portal for ArcGIS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ewon + product: All cves: cve-2021-4104: investigated: false @@ -34455,8 +34562,7 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -34469,14 +34575,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ - notes: Requires script remediation. ESRI has created scripts to remove the JndiLookup - class, but has not issued patches to upgrade the Log4j versions + - https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/release-notes/ecatcher_releasenotes.txt?sfvrsn=4f054ad7_42 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Estos - product: '' + last_updated: '2022-02-02T07:18:50+00:00' + - vendor: Ewon + product: eCatcher cves: cve-2021-4104: investigated: false @@ -34484,9 +34589,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 6.7.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -34499,13 +34605,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.estos.de/de/sicherheitshinweise/estos-von-kritischer-schwachstelle-in-log4j-cve-2021-44228-nicht-betroffen + - https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/release-notes/ecatcher_releasenotes.txt?sfvrsn=4f054ad7_42 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Evolveum Midpoint - product: '' + last_updated: '2022-02-02T07:18:50+00:00' + - vendor: Exabeam + product: All cves: cve-2021-4104: investigated: false @@ -34528,13 +34634,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://evolveum.com/midpoint-not-vulnerable-to-log4shell/ - notes: '' + - https://community.exabeam.com/s/discussions?t=1639379479381 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ewon - product: All + - vendor: Exact + product: AEC cves: cve-2021-4104: investigated: false @@ -34558,13 +34665,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://hmsnetworks.blob.core.windows.net/www/docs/librariesprovider10/downloads-monitored/manuals/release-notes/ecatcher_releasenotes.txt?sfvrsn=4f054ad7_42 + - https://www.exact.com/news/general-statement-apache-leak notes: '' references: - '' - last_updated: '2022-02-02T07:18:50+00:00' - - vendor: Exabeam - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Audition cves: cve-2021-4104: investigated: false @@ -34572,10 +34679,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: BoekhoudGemak + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34587,14 +34725,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.exabeam.com/s/discussions?t=1639379479381 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.exact.com/news/general-statement-apache-leak + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Exact - product: '' + product: Bouw7 cves: cve-2021-4104: investigated: false @@ -34602,10 +34739,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Business Suite + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34622,8 +34790,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Exivity - product: '' + - vendor: Exact + product: CommunicatieGemak cves: cve-2021-4104: investigated: false @@ -34631,10 +34799,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Consolidation powered by LucaNet + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -34646,13 +34845,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.exivity.com/getting-started/releases/announcements#announcement-regarding-cve-2021-44228 + - https://www.exact.com/news/general-statement-apache-leak notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ExtraHop - product: Reveal(x) + - vendor: Exact + product: Digipoort cves: cve-2021-4104: investigated: false @@ -34661,12 +34860,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <=8.4.6 - - <=8.5.3 - - <=8.6.4 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34678,13 +34875,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forums.extrahop.com/t/extrahop-update-on-log4shell/8148 - notes: Versions >8.4.7, >8.5.4, >8.6.5 and >=8.7 are fixed. + - https://www.exact.com/news/general-statement-apache-leak + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: eXtreme Hosting - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: DigitaleFactuur cves: cve-2021-4104: investigated: false @@ -34692,10 +34889,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Dimoni + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34707,13 +34935,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://extremehosting.nl/log4shell-log4j/ + - https://www.exact.com/news/general-statement-apache-leak notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Extreme Networks - product: '' + - vendor: Exact + product: EDI Gateway cves: cve-2021-4104: investigated: false @@ -34721,10 +34949,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: FDS + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -34736,13 +34995,1846 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + - https://www.exact.com/news/general-statement-apache-leak notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Extron - product: '' + - vendor: Exact + product: Financials + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: FiscaalGemak + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Globe Core Product + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Globe E-report/Crystal Reports + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Go2UBL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Gripp + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: HR & SalarisGemak + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Insights (Qlik) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Officient + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Online All core products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Online Elastic Search + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Online Samenwerken (OSW) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Payroll Plus (Loket) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: ProAcc + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: ProQuro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: RapportageGemak + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Reeleezee + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: ScanSys + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: SRXP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Synergy Core Product + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Synergy Elastic Search + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 6.6.2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: WerkprogrammaGemak + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: Winbooks + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exact + product: WMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.exact.com/news/general-statement-apache-leak + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Exivity + product: On-Premise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.exivity.com/getting-started/releases/announcements#announcement-regarding-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extensis + product: Universal Type Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '>=7.0.6' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.extensis.com/hc/en-us/articles/4412767414299-Universal-Type-Server-7-and-Log4j-vulnerabilities + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ExtraHop + product: Reveal(x) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - <=8.4.6 + - <=8.5.3 + - <=8.6.4 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.extrahop.com/t/extrahop-update-on-log4shell/8148 + notes: Versions >8.4.7, >8.5.4, >8.6.5 and >=8.7 are fixed. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: eXtreme Hosting + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremehosting.nl/log4shell-log4j/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: 200-series + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: BOSS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: EXOS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Extreme AirDefense + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Extreme Campus Controller (Extreme Cloud Appliance) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Extreme Fabric Automation (EFA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Extreme Management Center (XMC) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Extreme Visibility Manager (XVM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeAnalytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeCloud A3 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeCloud IQ + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeConnect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeControl + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeGuest + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeLocation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: ExtremeWireless (IdentiFi) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Fabric Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Guest and IoT Manager (GIM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: HiveManager Classic On-Premises + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: HiveManager Classic Online + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Ipanema Ip | Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Ipanema SALSA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 9.3.8 + - 9.4.3 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Ipanema SD-WAN Orchestrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: IQEngine (HiveOS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: IQVA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 21.1.22.1-IQVA + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: NetIron OS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Network OS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: NSight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: SLX-OS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: Traffic Sensor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: VGVA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: VOSS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extreme Networks + product: WiNG + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://extremeportal.force.com/ExtrArticleDetail?an=000100806 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Extron + product: All cves: cve-2021-4104: investigated: false diff --git a/data/cisagov_E.yml b/data/cisagov_E.yml index 9103b9b..8d9568c 100644 --- a/data/cisagov_E.yml +++ b/data/cisagov_E.yml @@ -58,7 +58,8 @@ software: unaffected_versions: [] vendor_links: - https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Security-Bulletin%20log4j_CVE_2021_44228_v1.0_Legal-Approved.pdf - notes: For security purposes direct notifications are being made to impacted customers. Please stay tuned for more updates. + notes: For security purposes direct notifications are being made to impacted customers. Please + stay tuned for more updates. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -73,7 +74,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '< 2.11' + - < 2.11 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -88,8 +89,8 @@ software: unaffected_versions: [] vendor_links: - https://docs.eclecticiq.com/security-advisories/security-issues-and-mitigation-actions/eiq-2021-0016-2 - notes: This advisory is available to customer only and has not been reviewed by CISA. - The Threat Intel Platform includes Neo4j 3.5.12 (not vulnerable) and Elasticsearch + notes: This advisory is available to customer only and has not been reviewed by + CISA. The Threat Intel Platform includes Neo4j 3.5.12 (not vulnerable) and Elasticsearch and Logstash OSS 7.9.1 (vulnerable) see Elasticsearch below for mitigation. See link in their own fix for Logstash (Support account needed, ongoing investigation) references: @@ -196,7 +197,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '7.1.8 - 7.1.9' + - 7.1.8 - 7.1.9 cve-2021-45046: investigated: false affected_versions: [] @@ -254,7 +255,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.17.0 - 1.28.0' + - 1.17.0 - 1.28.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -554,7 +555,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '7.16.2' + - 7.16.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -704,7 +705,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '6.8.22' + - 6.8.22 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1263,7 +1264,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Portal + product: Ellucian ePrint cves: cve-2021-4104: investigated: false @@ -1293,7 +1294,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian ePrint + product: Ellucian Ethos API & API Management Center cves: cve-2021-4104: investigated: false @@ -1323,7 +1324,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Ethos API & API Management Center + product: Ellucian Ethos Extend cves: cve-2021-4104: investigated: false @@ -1353,7 +1354,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Ethos Extend + product: Ellucian Ethos Integration cves: cve-2021-4104: investigated: false @@ -1383,7 +1384,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Ethos Integration + product: Ellucian eTranscripts cves: cve-2021-4104: investigated: false @@ -1413,7 +1414,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian eTranscripts + product: Ellucian Experience cves: cve-2021-4104: investigated: false @@ -1443,7 +1444,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Experience + product: Ellucian Intelligent Platform (ILP) cves: cve-2021-4104: investigated: false @@ -1473,7 +1474,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Intelligent Platform (ILP) + product: Ellucian International Student and Scholar Management (ISSM) cves: cve-2021-4104: investigated: false @@ -1503,7 +1504,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian International Student and Scholar Management (ISSM) + product: Ellucian Message Service (EMS) cves: cve-2021-4104: investigated: false @@ -1533,7 +1534,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Message Service (EMS) + product: Ellucian Messaging Adapter (EMA) cves: cve-2021-4104: investigated: false @@ -1563,7 +1564,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Messaging Adapter (EMA) + product: Ellucian Mobile cves: cve-2021-4104: investigated: false @@ -1593,7 +1594,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Mobile + product: Ellucian Payment Gateway cves: cve-2021-4104: investigated: false @@ -1623,7 +1624,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: Ellucian - product: Ellucian Payment Gateway + product: Ellucian Portal cves: cve-2021-4104: investigated: false @@ -2805,8 +2806,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '5.x' - - '6.x' + - 5.x + - 6.x cve-2021-45046: investigated: false affected_versions: [] @@ -4009,7 +4010,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -4039,7 +4040,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -4069,7 +4070,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -4099,7 +4100,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -4129,7 +4130,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -4492,7 +4493,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '<8.0.2' + - <8.0.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -4581,7 +4582,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '6.7.6' + - 6.7.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -4642,7 +4643,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -4672,7 +4673,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -4702,7 +4703,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -4732,7 +4733,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -4762,7 +4763,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -4792,7 +4793,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -4852,7 +4853,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -4882,7 +4883,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -4912,7 +4913,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -4942,7 +4943,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -4972,7 +4973,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5002,7 +5003,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5032,7 +5033,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5062,7 +5063,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5092,7 +5093,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5122,7 +5123,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5152,7 +5153,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5182,7 +5183,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5212,7 +5213,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5242,7 +5243,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5272,7 +5273,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5302,7 +5303,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5332,7 +5333,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5362,7 +5363,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5392,7 +5393,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5422,7 +5423,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5452,7 +5453,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5482,7 +5483,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5512,7 +5513,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5542,7 +5543,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5572,7 +5573,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5601,7 +5602,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '6.6.2' + - 6.6.2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -5632,7 +5633,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5662,7 +5663,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5692,7 +5693,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5722,7 +5723,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6473,8 +6474,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - '9.3.8' - - '9.4.3' + - 9.3.8 + - 9.4.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6564,7 +6565,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '21.1.22.1-IQVA' + - 21.1.22.1-IQVA unaffected_versions: [] cve-2021-45046: investigated: false From bcdeb389e107c7cce9aace7001a7e9b418f9ee6f Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 10 Feb 2022 13:20:25 -0500 Subject: [PATCH 215/268] Add Abbott and Accellence Tech products --- data/cisagov_A.yml | 109 ++++++++++++++++++++++++++++++--------------- 1 file changed, 73 insertions(+), 36 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 17499a2..7ef12db 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -5,7 +5,7 @@ owners: url: https://github.com/cisagov/log4j-affected-db software: - vendor: ABB - product: '' + product: AlarmInsight Cloud cves: cve-2021-4104: investigated: false @@ -13,10 +13,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -28,13 +29,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=9ADB012621&LanguageCode=en&DocumentPartId=&Action=Launch + - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ABB - product: ABB Remote Service + product: B&R Products cves: cve-2021-4104: investigated: false @@ -43,10 +44,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - ABB Remote Platform (RAP) + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -57,13 +58,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ABB - product: AlarmInsight Cloud + product: Remote Service cves: cve-2021-4104: investigated: false @@ -71,10 +73,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - AlarmInsight KPI Dashboards 1.0.0 - fixed_versions: [] + investigated: true + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -86,13 +88,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ABB - product: B&R Products + - vendor: Abbott + product: All cves: cve-2021-4104: investigated: false @@ -101,8 +104,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - See Vendor Advisory + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -116,13 +118,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.br-automation.com/downloads_br_productcatalogue/assets/1639507581859-en-original-1.0.pdf - notes: '' + - https://www.abbott.com/policies/cybersecurity/apache-Log4j.html + notes: Details are shared with customers with an active RAP subscription. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: Abbott - product: '' + product: GLP Track System cves: cve-2021-4104: investigated: false @@ -130,8 +132,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 'Track Sample Manager (TSM)' + - 'Track Workflow Manager (TWM)' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -146,12 +150,12 @@ software: unaffected_versions: [] vendor_links: - https://www.abbott.com/policies/cybersecurity/apache-Log4j.html - notes: '' + notes: Abbott will provide a fix for this in a future update expected in January 2022. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Abnormal Security - product: Abnormal Security + product: All cves: cve-2021-4104: investigated: false @@ -159,10 +163,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -179,8 +184,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Accellence - product: '' + - vendor: Accellence Technologies + product: EBÜS cves: cve-2021-4104: investigated: false @@ -188,10 +193,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'All' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://www.accellence.de/en/articles/cve-2021-44228-62 + notes: EBÜS itself is not vulnerable to CVE-2021-44228. Although + it includes several 3rd-partie software setups, which may be affected. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accellence Technologies + product: Vimacc + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -203,7 +240,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.accellence.de/en/articles/national-vulnerability-database-62 + - https://www.accellence.de/en/articles/cve-2021-44228-62 notes: '' references: - '' @@ -220,7 +257,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - v7.6 release + - 'v7.6 release' unaffected_versions: [] cve-2021-45046: investigated: false @@ -234,12 +271,12 @@ software: unaffected_versions: [] vendor_links: - https://www.kiteworks.com/kiteworks-news/log4shell-apache-vulnerability-what-kiteworks-customers-need-to-know/ - notes: '"As a precaution, Kiteworks released a 7.6.1 Hotfix software update to + notes: As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 contained in the Solr package as recommended by Apache Solr group. Specifically, it updates the Log4j library to a non-vulnerable version on CentOS 7 systems - as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true” - to disable the possible attack vector on both CentOS 6 and CentOS 7."' + as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true" + to disable the possible attack vector on both CentOS 6 and CentOS 7. references: - '' last_updated: '2021-12-16T00:00:00' From 36760a6624f035fb4360cfa1a17a8e04afc29843 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 10 Feb 2022 13:29:02 -0500 Subject: [PATCH 216/268] Fix whitespace --- data/cisagov_A.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 7ef12db..f3e88f4 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -211,7 +211,7 @@ software: vendor_links: - https://www.accellence.de/en/articles/cve-2021-44228-62 notes: EBÜS itself is not vulnerable to CVE-2021-44228. Although - it includes several 3rd-partie software setups, which may be affected. + it includes several 3rd-party software setups, which may be affected. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -281,7 +281,7 @@ software: - '' last_updated: '2021-12-16T00:00:00' - vendor: Acquia - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -310,7 +310,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acronis - product: '' + product: All cves: cve-2021-4104: investigated: false From 30ae9d04d89b52a802e1ed13d6901cafda84dcc0 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Thu, 10 Feb 2022 13:44:58 -0500 Subject: [PATCH 217/268] Add Accruent products --- data/cisagov_A.yml | 570 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 570 insertions(+) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index f3e88f4..98572ef 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -280,6 +280,576 @@ software: references: - '' last_updated: '2021-12-16T00:00:00' + - vendor: Accruent + product: Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Asset Enterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: BigCenter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: EMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Evoco + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Expesite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Famis 360 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Lucernex + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Maintenance Connection + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Meridian + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Single Sign On (SSO, Central Auth) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: SiteFM3 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: SiteFM4 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Siterra + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: TMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: VxField + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: VxMaintain + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: VxObserve + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: VxSustain + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accruent.com/apache_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acquia product: All cves: From 17c5b91dd0e914773d38639b3e161fa2cd9964a6 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 07:47:37 -0500 Subject: [PATCH 218/268] Add Acronis products --- data/cisagov_A.yml | 278 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 276 insertions(+), 2 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 98572ef..95841a1 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -880,7 +880,158 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acronis - product: All + product: Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '11.7' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Cyber Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '12.5' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Cyber Files + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '8.6.2 onwards' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Cyber Infrastructure + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '3.5' + - '4.x' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Cyber Protect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '15' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Cyber Protection Home Office cves: cve-2021-4104: investigated: false @@ -888,10 +1039,133 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '2017 onwards' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: DeviceLock DLP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '9.0' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Files Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '10.7 onwards' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: MassTransit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '8.1' + - '8.2' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Snap Deploy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '5' + - '6' cve-2021-45046: investigated: false affected_versions: [] @@ -909,7 +1183,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ActiveState - product: '' + product: All cves: cve-2021-4104: investigated: false From 7ec3d0870c12892a5f24a554e5329f495417c314 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 07:53:48 -0500 Subject: [PATCH 219/268] Add Acunetix products --- data/cisagov_A.yml | 218 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 214 insertions(+), 4 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 95841a1..ec95b3e 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -1211,8 +1211,218 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: '360' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: Agents + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: Application + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST - ASP.NET + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST-Java + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'All' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: AcuSensor IAST module needs attention. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST - NodeJS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST - PHP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Adaptec - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1241,7 +1451,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Addigy - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1270,7 +1480,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Adeptia - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -1293,7 +1503,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- + - A notes: '' references: - '' From 814805d972088ad8ee55d52d78a73cc12940435d Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 07:57:17 -0500 Subject: [PATCH 220/268] Add Adeptia products --- data/cisagov_A.yml | 39 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 37 insertions(+), 2 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index ec95b3e..2f3cb23 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -1480,7 +1480,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Adeptia - product: All + product: Connect cves: cve-2021-4104: investigated: false @@ -1488,10 +1488,45 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '3.3' + - '3.4' + - '3.5' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adeptia + product: Suite + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '6.9.9' + - '6.9.10' + - '6.9.11' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1503,7 +1538,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - A + - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- notes: '' references: - '' From f7b7f2242a507f21bc483d7ab8dd0cc8fdad5edd Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 08:04:56 -0500 Subject: [PATCH 221/268] Add Adobe products --- data/cisagov_A.yml | 249 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 245 insertions(+), 4 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 2f3cb23..96cbdb8 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -1543,8 +1543,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Adobe ColdFusion - product: '' + - vendor: Adobe + product: Automated Forms Conversion Service cves: cve-2021-4104: investigated: false @@ -1552,10 +1552,71 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: ColdFusion + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.3 Forms on JEE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'All versions from 6.3 GA to 6.3.3' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1567,13 +1628,193 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.4 Forms Designer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.4 Forms on JEE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'All versions from 6.4 GA to 6.4.8' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.5 Forms Designer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.5 Forms on JEE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'All versions from 6.5 GA to 6.5.11' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager Forms on OSGi + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager Forms Workbench + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ADP - product: '' + product: All cves: cve-2021-4104: investigated: false From 45522dc99de11d2ab5808525c40a252d1c7e8c3a Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 08:12:33 -0500 Subject: [PATCH 222/268] Add Ahsay & AIL, var. updates --- data/cisagov_A.yml | 155 ++++++++++++++++++++++++++++++++++++--------- 1 file changed, 125 insertions(+), 30 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 96cbdb8..b40044e 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -1881,10 +1881,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1911,10 +1912,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1941,10 +1943,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1971,10 +1974,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1992,8 +1996,8 @@ software: references: - '' last_updated: '2021-12-14T00:00:00' - - vendor: AFAS Software - product: '' + - vendor: AFHCAN Global LLC + product: AFHCANcart cves: cve-2021-4104: investigated: false @@ -2001,10 +2005,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '8.0.7 - 8.4.3' cve-2021-45046: investigated: false affected_versions: [] @@ -2016,13 +2021,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.afas.nl/vraagantwoord/NL/SE/120439.htm + - https://afhcan.org/support.aspx notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AFHCAN Global LLC - product: AFHCANcart + product: AFHCANmobile cves: cve-2021-4104: investigated: false @@ -2034,7 +2039,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '8.0.7 - 8.4.3' cve-2021-45046: investigated: false affected_versions: [] @@ -2052,7 +2057,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AFHCAN Global LLC - product: AFHCANmobile + product: AFHCANServer cves: cve-2021-4104: investigated: false @@ -2064,7 +2069,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '8.0.7 - 8.4.3' cve-2021-45046: investigated: false affected_versions: [] @@ -2082,7 +2087,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AFHCAN Global LLC - product: AFHCANServer + product: AFHCANsuite cves: cve-2021-4104: investigated: false @@ -2094,7 +2099,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '8.0.7 - 8.4.3' cve-2021-45046: investigated: false affected_versions: [] @@ -2112,7 +2117,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AFHCAN Global LLC - product: AFHCANsuite + product: AFHCANupdate cves: cve-2021-4104: investigated: false @@ -2124,7 +2129,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '8.0.7 - 8.4.3' cve-2021-45046: investigated: false affected_versions: [] @@ -2142,7 +2147,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AFHCAN Global LLC - product: AFHCANupdate + product: AFHCANweb cves: cve-2021-4104: investigated: false @@ -2154,7 +2159,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '8.0.7 - 8.4.3' cve-2021-45046: investigated: false affected_versions: [] @@ -2171,8 +2176,37 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANweb + - vendor: Agilysys + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ahsay + product: Mobile cves: cve-2021-4104: investigated: false @@ -2184,7 +2218,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '1.6+' cve-2021-45046: investigated: false affected_versions: [] @@ -2196,13 +2230,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Agilysys - product: '' + - vendor: Ahsay + product: Other products cves: cve-2021-4104: investigated: false @@ -2210,10 +2244,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'version 8.5.4.86 (and above)' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ahsay + product: PRD + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '2.0' cve-2021-45046: investigated: false affected_versions: [] @@ -2225,7 +2290,37 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f + - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AIL + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://twitter.com/ail_project/status/1470373644279119875 notes: '' references: - '' From c3b65ac84e911607bfba3f97a6ae7717d76403c7 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 08:34:52 -0500 Subject: [PATCH 223/268] Add Akamai products --- data/cisagov_A.yml | 99 ++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 82 insertions(+), 17 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index b40044e..44d521a 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -2326,7 +2326,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Akamai - product: SIEM Splunk Connector + product: Enterprise Application Access (EAA) Connector cves: cve-2021-4104: investigated: false @@ -2335,10 +2335,71 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Akamai + product: SIEM Integration Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '<1.7.4' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes + notes: Akamai SIEM Integration Connector is vulnerable to CVE-2021-44228, + CVE-2021-45046 and CVE-2021-45105. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Akamai + product: SIEM Splunk Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '< 1.4.10' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2350,13 +2411,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://splunkbase.splunk.com/app/4310/ - notes: v1.4.11 is the new recommendation for mitigation of log4j vulnerabilities + - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes + notes: Akamai SIEM Integration Connector for Splunk is not vulnerable to CVE-2021-44228. + Although it includes the vulnerable Log4J component, it is not used by the connector. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Alcatel - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -2385,7 +2447,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Alertus - product: '' + product: Console cves: cve-2021-4104: investigated: false @@ -2393,9 +2455,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '5.15.0' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2414,7 +2477,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Alexion - product: '' + product: Alexion CRM cves: cve-2021-4104: investigated: false @@ -2422,10 +2485,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -2443,7 +2507,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Alfresco - product: '' + product: Alfresco cves: cve-2021-4104: investigated: false @@ -2451,10 +2515,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -2472,7 +2537,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AlienVault - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -2524,7 +2589,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.alphatronmedical.com/home.html + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html notes: '' references: - '' From 187211e4fe1703fa6924b2ac27fee580e49bf4b6 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 08:38:44 -0500 Subject: [PATCH 224/268] Add Alphatron Medical products --- data/cisagov_A.yml | 94 +++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 93 insertions(+), 1 deletion(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 44d521a..debfcef 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -2566,7 +2566,68 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Alphatron Medical - product: '' + product: AmiSconnect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: Custo Diagnostics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '5.4' + - '5.6' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: JiveX cves: cve-2021-4104: investigated: false @@ -2574,10 +2635,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: Zorgbericht + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From 3c44eb98cf3dd0bbaa272c0f6566185d2519e901 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 10:22:54 -0500 Subject: [PATCH 225/268] Add/update Amazon products --- data/cisagov_A.yml | 2149 +++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 2023 insertions(+), 126 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index debfcef..01fd074 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -2686,6 +2686,68 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Work in progress, portion of customers may still be vulnerable. + Actively monitoring this issue, and are working on addressing it for + any AMS services which use Log4j2. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: API Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' - vendor: Amazon product: Athena cves: @@ -2695,10 +2757,1816 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: Athena JDBC Driver + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: All versions vended to customers were not affected. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Linux 1 + - '2' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: Amazon Linux 1 had aws apitools which were Java based but these + were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). + AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 + and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS AppFlow + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS AppSync + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS Certificate Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS Certificate Manager Private CA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS CloudHSM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '< 3.4.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: CloudHSM JCE SDK 3.4.1 or higher is not vulnerable. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS CodeBuild + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS CodePipeline + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Vendors recommend evaluating components of the environment outside of the + Amazon Connect service boundary, which may require separate/additional customer + mitigation. + references: + - '' + last_updated: '2021-12-23T00:00:00' + - vendor: Amazon + product: AWS Directory Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-23T00:00:00' + - vendor: Amazon + product: AWS DynamoDB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS ECS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: To help mitigate the impact of the open-source Apache Log4j2 utility + (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, + Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). + This hot-patch will require customer opt-in to use, and disables JNDI lookups + from the Log4J2 library in customers’ containers. These updates are available + as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes + users on AWS, and will be in supported AWS Fargate platform versions. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS EKS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: To help mitigate the impact of the open-source Apache Log4j2 utility + (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, + Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). + This hot-patch will require customer opt-in to use, and disables JNDI lookups + from the Log4J2 library in customers’ containers. These updates are available + as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes + users on AWS, and will be in supported AWS Fargate platform versions. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Elastic Beanstalk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Default configuration of applications usage of Log4j versions is not vulnerable. + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS ElastiCache + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS ELB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Fargate + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Opt-in hot-patch to mitigate the Log4j issue in JVM layer will be available as platform versions. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Has been updated. Vulnerable only if ETL jobs load affected versions of Apache Log4j. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Greengrass + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Updates for all Greengrass V2 components Stream Manager (2.0.14) + and Secure Tunneling (1.0.6) are available. For Greengrass versions 1.10.x + and 1.11.x, an update for the Stream Manager feature is included in Greengrass + patch versions 1.10.5 and 1.11.5. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Inspector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS IoT SiteWise Edge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Updates for all AWS IoT SiteWise Edge components that use Log4j were made available; + OPC-UA collector (v2.0.3), Data processing pack (v2.0.14), and Publisher (v2.0.2). + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS Kinesis Data Streams + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: We are actively patching all sub-systems that use Log4j2 by applying updates. + The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library + (KPL) are not impacted. For customers using KCL 1.x, we have released an updated + version and we strongly recommend that all KCL version 1.x customers upgrade + to KCL version 1.14.5 (or higher). KCL 2.x, KCL 1.14.5 or higher, and KPL are not vulnerable. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS KMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS Lambda + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Vulnerable when using aws-lambda-java-log4j2. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS Polly + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS QuickSight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS RDS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified + in CVE-2021-44228. + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS S3 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS SDK + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS Secrets Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS Service Catalog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS SNS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon SNS systems that serve customer traffic are patched against the + Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate + separately from SNS’s systems that serve customer traffic. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS SQS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS Systems Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS Systems Manager Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS Textract + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: Chime + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon Chime and Chime SDK services have been updated to mitigate + the issues identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Cloud Directory + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: CloudFront + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: CloudWatch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Cognito + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Corretto + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: 10/19 release distribution does not include Log4j. Vulnerable only + if customers applications use affected versions of Apache Log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: DocumentDB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: EC2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Packages for Amazon Linux 1 and 2 not affected, package for Amazon Linux 2022 is affected. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: ECR Public + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon-owned images published under a Verified Account on Amazon + ECR Public are not affected by the Log4j issue. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: Elastic Load Balancing + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Services have been updated. All Elastic Load Balancers, as well as Classic, + Application, Network and Gateway, are not affected by this Log4j issue. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: EMR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Many customers are estimated to be vulnerable. Vulnerable only + if affected EMR releases are used and untrusted sources are configured to be processed. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: EventBridge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Fraud Detector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Inspector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Inspector Classic + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kafka (MSK) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Applying updates as required, portion of customers may still be vulnerable. + Some MSK-specific service components use Log4j > 2.0.0 library and are being patched where needed. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kendra + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Keyspaces (for Apache Cassandra) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kinesis + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kinesis Data Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Lake Formation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Update in progress, portion of customers may still be vulnerable. + AWS Lake Formation service hosts are being updated to the latest version of Log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Lex + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2716,7 +4584,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS + product: Linux (AL1) cves: cve-2021-4104: investigated: false @@ -2728,8 +4596,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Linux 1 - - '2' + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2740,16 +4607,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: 'Notes: Amazon Linux 1 had aws apitools which were Java based but these - were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). - AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 - and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2' + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: By default not vulnerable. Opt-in hot-patch to mitigate the Log4j in JVM layer issue is available. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS API Gateway + product: Linux (AL2) cves: cve-2021-4104: investigated: false @@ -2760,7 +4625,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - All + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2774,12 +4639,14 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + notes: By default not vulnerable, and a new version of Amazon Kinesis Agent + which is part of AL2 addresses the Log4j issue. Opt-in hot-patch to mitigate + the Log4j issue in JVM layer is available. references: - '' - last_updated: '2021-12-20T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS CloudHSM + product: Lookout for Equipment cves: cve-2021-4104: investigated: false @@ -2788,9 +4655,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 3.4.1. - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2803,13 +4670,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS Connect + product: Macie cves: cve-2021-4104: investigated: false @@ -2820,7 +4687,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - All + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2834,14 +4701,12 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Vendors recommend evaluating components of the environment outside of the - Amazon Connect service boundary, which may require separate/additional customer - mitigation + notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS DynamoDB + product: Macie Classic cves: cve-2021-4104: investigated: false @@ -2852,7 +4717,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2869,9 +4734,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS EKS, ECS, Fargate + product: Managed Workflows for Apache Airflow (MWAA) cves: cve-2021-4104: investigated: false @@ -2880,9 +4745,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2896,18 +4761,12 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: To help mitigate the impact of the open-source Apache “Log4j2" utility - (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, - Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). - This hot-patch will require customer opt-in to use, and disables JNDI lookups - from the Log4J2 library in customers’ containers. These updates are available - as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes - users on AWS, and will be in supported AWS Fargate platform versions + notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS ElastiCache + product: MemoryDB for Redis cves: cve-2021-4104: investigated: false @@ -2918,7 +4777,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2935,9 +4794,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS ELB + product: Monitron cves: cve-2021-4104: investigated: false @@ -2948,7 +4807,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2965,9 +4824,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS Inspector + product: MQ cves: cve-2021-4104: investigated: false @@ -2978,7 +4837,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -2995,9 +4854,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS Kinesis Data Stream + product: Neptune cves: cve-2021-4104: investigated: false @@ -3006,9 +4865,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3022,16 +4881,12 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: We are actively patching all sub-systems that use Log4j2 by applying updates. - The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library - (KPL) are not impacted. For customers using KCL 1.x, we have released an updated - version and we strongly recommend that all KCL version 1.x customers upgrade - to KCL version 1.14.5 (or higher) + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS Lambda + product: NICE cves: cve-2021-4104: investigated: false @@ -3040,9 +4895,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3055,13 +4910,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ - notes: '' + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Recommended to update EnginFrame or Log4j library. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS Lambda + product: OpenSearch cves: cve-2021-4104: investigated: false @@ -3070,9 +4925,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 'R20211203-P2' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3086,12 +4941,12 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ - notes: '' + notes: Update released, customers need to update their clusters to the fixed release. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS RDS + product: Pinpoint cves: cve-2021-4104: investigated: false @@ -3102,7 +4957,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3116,13 +4971,12 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified - in CVE-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS S3 + product: RDS Aurora cves: cve-2021-4104: investigated: false @@ -3133,7 +4987,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3150,9 +5004,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS SNS + product: RDS for Oracle cves: cve-2021-4104: investigated: false @@ -3163,7 +5017,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3177,14 +5031,12 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Amazon SNS systems that serve customer traffic are patched against the - Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate - separately from SNS’s systems that serve customer traffic + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: AWS SQS + product: Redshift cves: cve-2021-4104: investigated: false @@ -3195,7 +5047,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3212,9 +5064,9 @@ software: notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: CloudFront + product: Rekognition cves: cve-2021-4104: investigated: false @@ -3222,9 +5074,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3243,7 +5096,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: CloudWatch + product: Route 53 cves: cve-2021-4104: investigated: false @@ -3251,9 +5104,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3272,7 +5126,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: EC2 + product: SageMaker cves: cve-2021-4104: investigated: false @@ -3282,9 +5136,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - Amazon Linux 1 & 2 + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3297,12 +5151,13 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + notes: Completed patching for the Apache Log4j2 issue (CVE-2021-44228). + Vulnerable only if customers applications use affected versions of Apache Log4j. references: - '' - last_updated: '2021-12-15T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: ELB + product: Simple Notification Service (SNS) cves: cve-2021-4104: investigated: false @@ -3310,9 +5165,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3326,12 +5182,14 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + notes: Systems that serve customer traffic are patched against the Log4j2 issue. + Working to apply the patch to sub-systems that operate separately from SNSs + systems that serve customer traffic. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: KMS + product: Simple Queue Service (SQS) cves: cve-2021-4104: investigated: false @@ -3339,9 +5197,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3360,7 +5219,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: OpenSearch + product: Simple Workflow Service (SWF) cves: cve-2021-4104: investigated: false @@ -3369,9 +5228,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3384,13 +5243,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: RDS + product: Single Sign-On cves: cve-2021-4104: investigated: false @@ -3398,9 +5257,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3419,7 +5279,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: Route 53 + product: Step Functions cves: cve-2021-4104: investigated: false @@ -3427,9 +5287,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3448,7 +5309,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Amazon - product: S3 + product: Timestream cves: cve-2021-4104: investigated: false @@ -3456,9 +5317,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3485,10 +5347,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3514,10 +5377,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: WorkSpaces/AppStream 2.0 + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3530,7 +5424,9 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + notes: Not affected with default configurations. WorkDocs Sync client + versions 1.2.895.1 and older within Windows WorkSpaces, which contain + the Log4j component, are vulnerable; For update instruction, see source for more info. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -3543,10 +5439,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3565,7 +5462,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: Anaconda - product: Anaconda + product: All cves: cve-2021-4104: investigated: false @@ -3577,7 +5474,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 4.10.3 + - '4.10.3' cve-2021-45046: investigated: false affected_versions: [] From cdfc36a230abf150888f6f37ef7b727b32c52103 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 10:37:10 -0500 Subject: [PATCH 226/268] Fix whitespace issue --- data/cisagov_A.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 01fd074..e8c15ba 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -4398,7 +4398,7 @@ software: vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Applying updates as required, portion of customers may still be vulnerable. - Some MSK-specific service components use Log4j > 2.0.0 library and are being patched where needed. + Some MSK-specific service components use Log4j > 2.0.0 library and are being patched where needed. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -5456,7 +5456,7 @@ software: unaffected_versions: [] vendor_links: - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 - notes: Currently, no AMD products have been identified as affected. AMD is continuing + notes: Currently, no AMD products have been identified as affected. AMD is continuing its analysis. references: - '' From b75b3e94b347005421c17c208689eee295a5e6d0 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 11:27:10 -0500 Subject: [PATCH 227/268] Add/update Apache products --- data/cisagov_A.yml | 897 +++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 826 insertions(+), 71 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index e8c15ba..45bfed1 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -5491,6 +5491,36 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' + - vendor: AOMEI + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.aomeitech.com/forum/index.php?p=/discussion/7651/aomei-and-log4j + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' - vendor: Apache product: ActiveMQ Artemis cves: @@ -5535,10 +5565,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Airflow is written in Python + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Archiva + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '2.2.6' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5550,8 +5611,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/apache/airflow/tree/main/airflow - notes: Airflow is written in Python + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 2.2.6. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -5565,11 +5626,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.14.1.3.11.5 - - 3.7.7 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5599,10 +5659,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5658,10 +5719,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5687,8 +5749,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -5717,10 +5780,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5738,7 +5802,7 @@ software: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache - product: CamelKafka Connector + product: Camel Kafka Connector cves: cve-2021-4104: investigated: false @@ -5746,10 +5810,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Cassandra + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -5761,7 +5856,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://lists.apache.org/thread/2rngylxw8bjos6xbo1krp29m9wn2hhdr notes: '' references: - '' @@ -5776,9 +5871,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < druid 0.22.0 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '0.22.1' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5796,6 +5891,36 @@ software: references: - '' last_updated: '2021-12-12T00:00:00' + - vendor: Apache + product: Dubbo + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'All' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/apache/dubbo/issues/9380 + notes: '' + references: + - '' + last_updated: '2021-12-12T00:00:00' - vendor: Apache product: Flink cves: @@ -5808,7 +5933,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - < 1.14.2 + - 1.15.0 + - 1.14.2 - 1.13.5 - 1.12.7 - 1.11.6 @@ -5825,16 +5951,16 @@ software: unaffected_versions: [] vendor_links: - https://flink.apache.org/2021/12/10/log4j-cve.html - notes: 'To clarify and avoid confusion: The 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 + notes: To clarify and avoid confusion, the 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped because CVE-2021-45046 was discovered during the release publication. The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade - for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046.' + for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046. references: - '[https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html)' last_updated: '2021-12-12T00:00:00' - vendor: Apache - product: Kafka + product: Fortress cves: cve-2021-4104: investigated: false @@ -5844,9 +5970,39 @@ software: cve-2021-44228: investigated: true affected_versions: [] + fixed_versions: + - '< 2.0.7' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 2.0.7. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Geode + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '1.14.0' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5858,14 +6014,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kafka.apache.org/cve-list - notes: The current DB lists Apache Kafka as impacted. Apache Kafka uses Log4jv1, - not v2. + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 1.12.6, 1.13.5, 1.14.1. references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Apache - product: Kafka + product: Guacamole cves: cve-2021-4104: investigated: false @@ -5874,10 +6029,40 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Hadoop + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5889,13 +6074,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://logging.apache.org/log4j/2.x/security.html - notes: Only vulnerable in certain configuration(s) + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-14T00:00:00' - vendor: Apache - product: Log4j + product: HBase cves: cve-2021-4104: investigated: false @@ -5905,7 +6090,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 2.15.0 + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -5919,13 +6104,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://logging.apache.org/log4j/2.x/security.html + - https://blogs.apache.org/security/entry/cve-2021-44228 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-14T00:00:00' - vendor: Apache - product: Solr + product: Hive cves: cve-2021-4104: investigated: false @@ -5936,8 +6121,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 7.4.0 to 7.7.3 - - 8.0.0 to 8.11.0 + - '4.x' unaffected_versions: [] cve-2021-45046: investigated: false @@ -5950,13 +6134,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 - notes: Update to 8.11.1 or apply fixes as described in Solr security advisory + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' references: - - '[Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html)' - last_updated: '2021-12-16T00:00:00' + - '' + last_updated: '2021-12-14T00:00:00' - vendor: Apache - product: Struts 2 + product: James cves: cve-2021-4104: investigated: false @@ -5964,9 +6148,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: - - Versions before 2.5.28.1 + - '3.6.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -5980,16 +6164,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://struts.apache.org/announce-2021 - notes: The Apache Struts group is pleased to announce that Struts 2.5.28.1 is - available as a “General Availability” release. The GA designation is our highest - quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by - using the latest Log4j 2.12.2 version (Java 1.7 compatible). + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' references: - - '[Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga)' - last_updated: '2021-12-21T00:00:00' + - '' + last_updated: '2021-12-14T00:00:00' - vendor: Apache - product: Tomcat + product: Jena cves: cve-2021-4104: investigated: false @@ -5997,10 +6178,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - 9.0.x - fixed_versions: [] + investigated: true + affected_versions: [] + fixed_versions: + - '< 4.3.1' unaffected_versions: [] cve-2021-45046: investigated: false @@ -6013,19 +6194,593 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tomcat.apache.org/security-9.html - notes: Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications - deployed on Apache Tomcat may have a dependency on log4j. You should seek support - from the application vendor in this instance. It is possible to configure Apache - Tomcat 9.0.x to use log4j 2.x for Tomcat's internal logging. This requires explicit - configuration and the addition of the log4j 2.x library. Anyone who has switched - Tomcat's internal logging to log4j 2.x is likely to need to address this vulnerability. - In most cases, disabling the problematic feature will be the simplest solution. - Exactly how to do that depends on the exact version of log4j 2.x being used. - Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: JMeter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'All' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: JSPWiki + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '2.11.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Kafka + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kafka.apache.org/cve-list + notes: Uses Log4j 1.2.17. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Log4j 1.x + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://logging.apache.org/log4j/2.x/security.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Log4j 2.x + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '2.17.1' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://logging.apache.org/log4j/2.x/security.html + notes: Fixed in Log4j 2.17.1 (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6). + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Maven + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: NiFi + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 1.15.1, 1.16.0. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: OFBiz + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '< 18.12.03' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Ozone + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '< 1.2.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 1.15.1, 1.16.0. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: SkyWalking + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '< 8.9.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: SOLR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '7.4.0 to 7.7.3' + - '8.0.0 to 8.11.0' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 + notes: Fixed in 8.11.1, Versions before 7.4 also vulnerable when using several configurations. + references: + - '[Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html)' + last_updated: '2021-12-16T00:00:00' + - vendor: Apache + product: Spark + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Uses log4j 1.x + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Struts + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '2.5.28' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Struts 2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Versions before 2.5.28.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://struts.apache.org/announce-2021 + notes: The Apache Struts group is pleased to announce that Struts 2.5.28.1 is + available as a General Availability release. The GA designation is our highest + quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by + using the latest Log4j 2.12.2 version (Java 1.7 compatible). + references: + - '[Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga)' + last_updated: '2021-12-21T00:00:00' + - vendor: Apache + product: Tapestry + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '5.7.3' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Tika + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '2.0.0 and up' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Tomcat + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://tomcat.apache.org/security-9.html + notes: Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications + deployed on Apache Tomcat may have a dependency on log4j. You should seek support + from the application vendor in this instance. It is possible to configure Apache + Tomcat 9.0.x to use log4j 2.x for Tomcats internal logging. This requires explicit + configuration and the addition of the log4j 2.x library. Anyone who has switched + Tomcats internal logging to log4j 2.x is likely to need to address this vulnerability. + In most cases, disabling the problematic feature will be the simplest solution. + Exactly how to do that depends on the exact version of log4j 2.x being used. + Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Apache + product: TrafficControl + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: ZooKeeper + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: APC by Schneider Electric product: Powerchute Business Edition cves: From e4f9401d3cbb2cb2d82b362e7173a32db1ff598b Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 11:46:40 -0500 Subject: [PATCH 228/268] Update various A products --- data/cisagov_A.yml | 45 ++++++++++++++++++++++++--------------------- 1 file changed, 24 insertions(+), 21 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 45bfed1..dfba695 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -6793,11 +6793,11 @@ software: investigated: true affected_versions: [] fixed_versions: - - v9.5 - - v10.0.1 - - v10.0.2 - - v10.0.3 - - v10.0.4 + - 'v9.5' + - 'v10.0.1' + - 'v10.0.2' + - 'v10.0.3' + - 'v10.0.4' unaffected_versions: [] cve-2021-45046: investigated: false @@ -6830,7 +6830,7 @@ software: - '4.2' - '4.3' - '4.4' - - 4.4.1 + - '4.4.1' unaffected_versions: [] cve-2021-45046: investigated: false @@ -6858,9 +6858,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.3.x & 6.4.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '6.3.x' + - '6.4.x' unaffected_versions: [] cve-2021-45046: investigated: false @@ -6874,7 +6875,7 @@ software: unaffected_versions: [] vendor_links: - https://apereo.github.io/2021/12/11/log4j-vuln/ - notes: '' + notes: Other versions still in active maintainance might need manual inspection. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -6888,10 +6889,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 9.10 - - < 10.6 - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '< 9.10' + - '< 10.6' unaffected_versions: [] cve-2021-45046: investigated: false @@ -6910,7 +6911,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apigee - product: '' + product: Edge and OPDK products cves: cve-2021-4104: investigated: false @@ -6918,10 +6919,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -6939,7 +6941,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apollo - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -6968,7 +6970,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Appdynamics - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -7020,13 +7022,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://community.appeon.com/index.php/qna/q-a/apache-log4j-security-vulnerabilities notes: '' references: - '' last_updated: '2021-12-15T00:00:00' - vendor: AppGate - product: '' + product: All cves: cve-2021-4104: investigated: false From 1ea05f0f150f7019c6945bc1619a96ce1d1d5566 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 11:49:49 -0500 Subject: [PATCH 229/268] Fix indentation errors --- data/cisagov_A.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index dfba695..06e0e28 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -6891,8 +6891,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 9.10' - - '< 10.6' + - '< 9.10' + - '< 10.6' unaffected_versions: [] cve-2021-45046: investigated: false From c8fdefcab20994bf58a552eaee845558798dfd60 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 12:44:09 -0500 Subject: [PATCH 230/268] Add Arista products --- data/cisagov_A.yml | 185 ++++++++++++++++++++++++++++++++++----------- 1 file changed, 140 insertions(+), 45 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 06e0e28..e348ea5 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -7096,39 +7096,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - Not Affected - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: [] - notes: '' - references: - - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Application Performance Ltd - product: DBMarlin - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7146,7 +7118,7 @@ software: - '' last_updated: '2021-12-15T00:00:00' - vendor: APPSHEET - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -7175,7 +7147,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aptible - product: Aptible + product: All cves: cve-2021-4104: investigated: false @@ -7184,9 +7156,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - ElasticSearch 5.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Search 5.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -7205,7 +7177,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aqua Security - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -7242,10 +7214,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7292,7 +7265,7 @@ software: - '' last_updated: '2022-01-13T00:00:00' - vendor: Arca Noae - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -7561,7 +7534,7 @@ software: - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' last_updated: '2021-12-14T00:00:00' - vendor: ArcticWolf - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -7590,7 +7563,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Arduino - product: '' + product: IDE cves: cve-2021-4104: investigated: false @@ -7598,9 +7571,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '1.8.17' unaffected_versions: [] cve-2021-45046: investigated: false @@ -7619,7 +7593,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ariba - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -7648,7 +7622,37 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Arista - product: '' + product: Analytics Node for Converged Cloud Fabric + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '>7.0.0' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: Formerly Big Cloud Fabric + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: Analytics Node for DANZ Monitoring Fabric cves: cve-2021-4104: investigated: false @@ -7656,10 +7660,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: + - '>7.0.0' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: Formerly Big Monitoring Fabric + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: CloudVision Portal + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '>2019.1.0' + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -7676,6 +7711,66 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: CloudVision Wi-Fi, virtual or physical appliance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '>8.8' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: Embedded Analytics for Converged Cloud Fabric + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '>5.3.0' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: Formerly Big Cloud Fabric + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks product: '' cves: From 0e96602b61062cecbb16b43fce7419b5e80e8a15 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 12:58:04 -0500 Subject: [PATCH 231/268] Add Aruba Networks products --- data/cisagov_A.yml | 729 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 725 insertions(+), 4 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index e348ea5..2a38f3e 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -7772,7 +7772,457 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks - product: '' + product: AirWave Management Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Analytics and Location Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ArubaOS Wi-Fi Controllers and Gateways + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ArubaOS SD-WAN Gateways + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ArubaOS-CX Switches + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ArubaOS-S Switches + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Central + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Central On-Prem + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ClearPass Policy Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: EdgeConnect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Fabric Composer (AFC) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: HP ProCurve Switches + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Instant + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Instant Access Points + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Instant On + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: IntroSpect cves: cve-2021-4104: investigated: false @@ -7780,10 +8230,281 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'Versions 2.5.0.0 to 2.5.0.6' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Legacy GMS Products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Legacy NX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Legacy VX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Legacy VRX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: NetEdit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Plexxi Composable Fabric Manager (CFM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Silver Peak Orchestrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: User Experience Insight (UXI) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: VIA Clients + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7795,13 +8516,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://asp.arubanetworks.com/notifications/Tm90aWZpY2F0aW9uOjEwMTQ0;notificationCategory=Security + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Ataccama - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -7830,7 +8551,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atera - product: '' + product: All cves: cve-2021-4104: investigated: false From 77774d0c8d23382a5165f559e35167eeb2530237 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 13:27:35 -0500 Subject: [PATCH 232/268] Add Atlassian products --- data/cisagov_A.yml | 292 ++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 265 insertions(+), 27 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 2a38f3e..aa87a2e 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -8589,10 +8589,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 'On Prem' fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -8605,8 +8605,7 @@ software: unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html - notes: This product may be affected by a related but lower severity vulnerability - if running in a specific non-default configuration. + notes: Only vulnerable when using non-default config, cloud version fixed. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -8620,9 +8619,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All - fixed_versions: [] + affected_versions: [] + fixed_versions: + - 'On prem' unaffected_versions: [] cve-2021-45046: investigated: false @@ -8643,6 +8642,66 @@ software: last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian product: Confluence Server & Data Center + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'On prem' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: Only vulnerable when using non-default config, cloud version fixed. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Confluence-CIS CSAT Pro + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'v1.7.1' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Confluence-CIS WorkBench cves: cve-2021-4104: investigated: false @@ -8654,7 +8713,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8667,13 +8726,132 @@ software: unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html - notes: This product may be affected by a related but lower severity vulnerability - if running in a specific non-default configuration. + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian - product: Crowd Server & Data Center + product: Confluence-CIS-CAT Lite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'v4.13.0' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Confluence-CIS-CAT Pro Assessor v3 Full and Dissolvable + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'v3.0.77' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Confluence-CIS-CAT Pro Assessor v4 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'v4.13.0' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Confluence-CIS-CAT Pro Assessor v4 Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 'v1.13.0' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Confluence-CIS-CAT Pro Dashboard cves: cve-2021-4104: investigated: false @@ -8685,7 +8863,67 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Confluence-CIS-Hosted CSAT + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Crowd Server & Data Center + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - On prem + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -8713,10 +8951,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 'On prem' fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -8744,10 +8982,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - 'On prem' fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -8775,10 +9013,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - On prem fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -8796,8 +9034,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Attivo networks - product: '' + - vendor: Attivo Networks + product: All cves: cve-2021-4104: investigated: false @@ -8858,7 +9096,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: AudioCodes - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -8887,7 +9125,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Autodesk - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -8923,7 +9161,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Automox - product: '' + product: All cves: cve-2021-4104: investigated: false From 78bcca16e5d53ccb2336efb429ae7d4671644750 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 13:40:35 -0500 Subject: [PATCH 233/268] Update various A products --- data/cisagov_A.yml | 131 ++++++++++++++++++++++++++++++++++++++------- 1 file changed, 112 insertions(+), 19 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index aa87a2e..567c860 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -9160,6 +9160,97 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' + - vendor: Automation Anywhere + product: Automation 360 Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Automation Anywhere + product: Automation 360 On Premise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Automation Anywhere + product: Automation Anywhere + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '11.x' + - '<11.3x' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Automox product: All cves: @@ -9190,7 +9281,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Autopsy - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -9219,7 +9310,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Auvik - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -9248,7 +9339,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Avantra SYSLINK - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -9421,8 +9512,8 @@ software: affected_versions: - '8' - '8.1' - - 8.1.4 - - 8.1.5 + - '8.1.4' + - '8.1.5' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10209,7 +10300,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: AVEPOINT - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -10238,7 +10329,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AVM - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -10246,10 +10337,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10262,12 +10354,12 @@ software: unaffected_versions: [] vendor_links: - https://avm.de/service/aktuelle-sicherheitshinweise/#Schwachstelle%20im%20Java-Projekt%20%E2%80%9Elog4j%E2%80%9C - notes: '' + notes: devices, firmware, software incl. MyFritz Service. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AvTech RoomAlert - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -10295,8 +10387,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AWS New - product: '' + - vendor: AXIS + product: OS cves: cve-2021-4104: investigated: false @@ -10304,10 +10396,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -10319,13 +10412,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://help.axis.com/axis-os notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AXON - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -10354,7 +10447,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AXS Guard - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -10383,7 +10476,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Axways Applications - product: '' + product: All cves: cve-2021-4104: investigated: false From f4856ebddc5522e2b07664f13fc5347a65a8e5d9 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 14:03:21 -0500 Subject: [PATCH 234/268] Update Avaya products --- data/cisagov_A.yml | 171 +++++++++++++++++++-------------------------- 1 file changed, 72 insertions(+), 99 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 567c860..22dcda9 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -9410,8 +9410,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9434,7 +9435,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Application Enablement Services + product: Avaya Aura Application Enablement Services cves: cve-2021-4104: investigated: false @@ -9444,8 +9445,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - 8.1.3.2 - - 8.1.3.3 + - '8.1.3.2' + - '8.1.3.3' - '10.1' fixed_versions: [] unaffected_versions: [] @@ -9466,7 +9467,7 @@ software: - '[PSN020551u](https://download.avaya.com/css/public/documents/101079386)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Contact Center + product: Avaya Aura Contact Center cves: cve-2021-4104: investigated: false @@ -9476,11 +9477,11 @@ software: cve-2021-44228: investigated: true affected_versions: - - 7.0.2 - - 7.0.3 + - '7.0.2' + - '7.0.3' - '7.1' - - 7.1.1 - - 7.1.2 + - '7.1.1' + - '7.1.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9500,7 +9501,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Device Services + product: Avaya Aura Device Services cves: cve-2021-4104: investigated: false @@ -9511,7 +9512,10 @@ software: investigated: true affected_versions: - '8' + - '8.0.1' + - '8.0.2' - '8.1' + - '8.1.3' - '8.1.4' - '8.1.5' fixed_versions: [] @@ -9533,7 +9537,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Device Services + product: Avaya Aura Media Server cves: cve-2021-4104: investigated: false @@ -9543,41 +9547,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - 8.0.1 - - 8.0.2 - - 8.1.3 - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: '' - references: - - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Avaya - product: Avaya Aura® Media Server - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - 8.0.0 - - 8.0.1 - - 8.0.2 + - '8.0.0' + - '8.0.1' + - '8.0.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9597,7 +9569,7 @@ software: - '[PSN020549u](https://download.avaya.com/css/secure/documents/101079316)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Presence Services + product: Avaya Aura Presence Services cves: cve-2021-4104: investigated: false @@ -9608,15 +9580,15 @@ software: investigated: true affected_versions: - '10.1' - - 7.1.2 + - '7.1.2' - '8' - - 8.0.1 - - 8.0.2 + - '8.0.1' + - '8.0.2' - '8.1' - - 8.1.1 - - 8.1.2 - - 8.1.3 - - 8.1.4 + - '8.1.1' + - '8.1.2' + - '8.1.3' + - '8.1.4' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9636,7 +9608,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Session Manager + product: Avaya Aura Session Manager cves: cve-2021-4104: investigated: false @@ -9647,13 +9619,13 @@ software: investigated: true affected_versions: - '10.1' - - 7.1.3 + - '7.1.3' - '8' - - 8.0.1 + - '8.0.1' - '8.1' - - 8.1.1 - - 8.1.2 - - 8.1.3 + - '8.1.1' + - '8.1.2' + - '8.1.3' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9673,7 +9645,7 @@ software: - '[PSN020550u](https://download.avaya.com/css/public/documents/101079384)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® System Manager + product: Avaya Aura System Manager cves: cve-2021-4104: investigated: false @@ -9684,7 +9656,7 @@ software: investigated: true affected_versions: - '10.1' - - 8.1.3 + - '8.1.3' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9704,7 +9676,7 @@ software: - '[PSN005565u](https://download.avaya.com/css/secure/documents/101079390)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Web Gateway + product: Avaya Aura Web Gateway cves: cve-2021-4104: investigated: false @@ -9714,11 +9686,11 @@ software: cve-2021-44228: investigated: true affected_versions: - - 3.11[P] - - 3.8.1[P] - - 3.8[P] - - 3.9.1 [P] - - 3.9[P] + - '3.11[P]' + - '3.8.1[P]' + - '3.8[P]' + - '3.9.1[P]' + - '3.9[P]' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9738,7 +9710,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Breeze™ + product: Avaya Breeze cves: cve-2021-4104: investigated: false @@ -9750,7 +9722,7 @@ software: affected_versions: - '3.7' - '3.8' - - 3.8.1 + - '3.8.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9780,11 +9752,11 @@ software: cve-2021-44228: investigated: true affected_versions: - - 7.0.2 - - 7.0.3 + - '7.0.2' + - '7.0.3' - '7.1' - - 7.1.1 - - 7.1.2 + - '7.1.1' + - '7.1.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9844,7 +9816,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 3.1.22 + - '3.1.22' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9874,9 +9846,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - 9.1.10 - - 9.1.11 - - 9.1.12 + - '9.1.10' + - '9.1.11' + - '9.1.12' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9896,7 +9868,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya one cloud private -UCaaS - Mid Market Aura + product: Avaya OneCloud-Private-UCaaS - Mid Market Aura cves: cve-2021-4104: investigated: false @@ -9966,11 +9938,11 @@ software: cve-2021-44228: investigated: true affected_versions: - - 8.0.1 + - '8.0.1' - '8.1' - - 8.1.1 - - 8.1.2 - - 8.1.3 + - '8.1.1' + - '8.1.2' + - '8.1.3' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9998,8 +9970,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10093,7 +10066,7 @@ software: investigated: true affected_versions: - '5' - - 5.0.1 + - '5.0.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10123,8 +10096,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - 9.0.2 - - 9.0.2.1 + - '9.0.2' + - '9.0.2.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10174,7 +10147,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Equinox™ Conferencing + product: Equinox Conferencing cves: cve-2021-4104: investigated: false @@ -10184,7 +10157,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 9.1.2 + - '9.1.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10214,7 +10187,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 7.3.9 + - '7.3.9' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10234,7 +10207,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: IP Office™ Platform + product: IP Office Platform cves: cve-2021-4104: investigated: false @@ -10244,10 +10217,10 @@ software: cve-2021-44228: investigated: true affected_versions: - - 11.0.4 + - '11.0.4' - '11.1' - - 11.1.1 - - 11.1.2 + - '11.1.1' + - '11.1.2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10277,10 +10250,10 @@ software: cve-2021-44228: investigated: true affected_versions: - - 3.1.2 - - 3.1.3 + - '3.1.2' + - '3.1.3' - '4' - - 4.0.1 + - '4.0.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: From 461750059b73356e1f7a14b6b570c0ad3193464e Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Fri, 11 Feb 2022 19:11:34 +0000 Subject: [PATCH 235/268] Update the software list --- SOFTWARE-LIST.md | 437 ++- data/cisagov.yml | 7110 ++++++++++++++++++++++++++++++++++++++------ data/cisagov_A.yml | 524 ++-- 3 files changed, 6833 insertions(+), 1238 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 5514bf7..61321b9 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -29,107 +29,246 @@ NOTE: This file is automatically generated. To submit updates, please refer to | 3M Health Information Systems | CGS | | | Unknown | [link](https://support.3mhis.com/app/account/updates/ri/5210) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | 7-Zip | | | | Unknown | [link](https://sourceforge.net/p/sevenzip/discussion/45797/thread/b977bbd4d1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | 7Signal | Sapphire | | | Fixed | [link](https://www.7signal.com/info/se-release-notes) | Fix released 2021-12-14 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| ABB | | | | Unknown | [link](https://search.abb.com/library/Download.aspx?DocumentID=9ADB012621&LanguageCode=en&DocumentPartId=&Action=Launch) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ABB | ABB Remote Service | ABB Remote Platform (RAP) | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ABB | AlarmInsight Cloud | AlarmInsight KPI Dashboards 1.0.0 | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ABB | B&R Products | See Vendor Advisory | | Affected | [link](https://www.br-automation.com/downloads_br_productcatalogue/assets/1639507581859-en-original-1.0.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Abbott | | | | Unknown | [link](https://www.abbott.com/policies/cybersecurity/apache-Log4j.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Abnormal Security | Abnormal Security | | | Unknown | [link](https://abnormalsecurity.com/blog/attackers-use-email-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Accellence | | | | Unknown | [link](https://www.accellence.de/en/articles/national-vulnerability-database-62) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Accellion | Kiteworks | | v7.6 release | Fixed | [link](https://www.kiteworks.com/kiteworks-news/log4shell-apache-vulnerability-what-kiteworks-customers-need-to-know/) | "As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 contained in the Solr package as recommended by Apache Solr group. Specifically, it updates the Log4j library to a non-vulnerable version on CentOS 7 systems as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true” to disable the possible attack vector on both CentOS 6 and CentOS 7." | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Acquia | | | | Unknown | [link](https://support.acquia.com/hc/en-us/articles/4415823329047-Apache-log4j-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Acronis | | | | Unknown | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ActiveState | | | | Unknown | [link](https://www.activestate.com/blog/activestate-statement-java-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Adaptec | | | | Unknown | [link](https://ask.adaptec.com/app/answers/detail/a_id/17523/kw/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Addigy | | | | Unknown | [link](https://addigy.com/blog/addigy-and-apaches-log4j2-cve-2021-44228-status/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Adeptia | | | | Unknown | [link](https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Adobe ColdFusion | | | | Unknown | [link](https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| ADP | | | | Unknown | [link](https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ABB | AlarmInsight Cloud | | | Not Affected | [link](https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ABB | B&R Products | | | Not Affected | [link](https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ABB | Remote Service | | | Fixed | [link](https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Abbott | All | | | Unknown | [link](https://www.abbott.com/policies/cybersecurity/apache-Log4j.html) | Details are shared with customers with an active RAP subscription. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Abbott | GLP Track System | Track Sample Manager (TSM), Track Workflow Manager (TWM) | | Affected | [link](https://www.abbott.com/policies/cybersecurity/apache-Log4j.html) | Abbott will provide a fix for this in a future update expected in January 2022. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Abnormal Security | All | | | Not Affected | [link](https://abnormalsecurity.com/blog/attackers-use-email-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accellence Technologies | EBÜS | | All | Fixed | [link](https://www.accellence.de/en/articles/cve-2021-44228-62) | EBÜS itself is not vulnerable to CVE-2021-44228. Although it includes several 3rd-party software setups, which may be affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accellence Technologies | Vimacc | | | Not Affected | [link](https://www.accellence.de/en/articles/cve-2021-44228-62) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accellion | Kiteworks | | v7.6 release | Fixed | [link](https://www.kiteworks.com/kiteworks-news/log4shell-apache-vulnerability-what-kiteworks-customers-need-to-know/) | As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 contained in the Solr package as recommended by Apache Solr group. Specifically, it updates the Log4j library to a non-vulnerable version on CentOS 7 systems as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true" to disable the possible attack vector on both CentOS 6 and CentOS 7. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Accruent | Analytics | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Asset Enterprise | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | BigCenter | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | EMS | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Evoco | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Expesite | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Famis 360 | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Lucernex | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Maintenance Connection | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Meridian | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Single Sign On (SSO, Central Auth) | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | SiteFM3 | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | SiteFM4 | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | Siterra | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | TMS | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | VxField | | | Not Affected | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | VxMaintain | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | VxObserve | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Accruent | VxSustain | | | Fixed | [link](https://www.accruent.com/apache_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acquia | All | | | Unknown | [link](https://support.acquia.com/hc/en-us/articles/4415823329047-Apache-log4j-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Backup | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Cyber Backup | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Cyber Files | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Cyber Infrastructure | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Cyber Protect | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Cyber Protection Home Office | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | DeviceLock DLP | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Files Connect | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | MassTransit | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acronis | Snap Deploy | | | Not Affected | [link](https://security-advisory.acronis.com/advisories/SEC-3859) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ActiveState | All | | | Unknown | [link](https://www.activestate.com/blog/activestate-statement-java-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acunetix | 360 | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acunetix | Agents | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acunetix | Application | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acunetix | IAST - ASP.NET | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acunetix | IAST - NodeJS | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acunetix | IAST - PHP | | | Not Affected | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Acunetix | IAST-Java | | All | Fixed | [link](https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/) | AcuSensor IAST module needs attention. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adaptec | All | | | Unknown | [link](https://ask.adaptec.com/app/answers/detail/a_id/17523/kw/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Addigy | All | | | Unknown | [link](https://addigy.com/blog/addigy-and-apaches-log4j2-cve-2021-44228-status/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adeptia | Connect | | 3.3, 3.4, 3.5 | Fixed | [link](https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adeptia | Suite | | 6.9.9, 6.9.10, 6.9.11 | Fixed | [link](https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation-) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Automated Forms Conversion Service | | | Affected | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | ColdFusion | | | Fixed | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Experience Manager 6.3 Forms on JEE | | All versions from 6.3 GA to 6.3.3 | Fixed | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Experience Manager 6.4 Forms Designer | | | Affected | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Experience Manager 6.4 Forms on JEE | | All versions from 6.4 GA to 6.4.8 | Fixed | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Experience Manager 6.5 Forms Designer | | | Fixed | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Experience Manager 6.5 Forms on JEE | | All versions from 6.5 GA to 6.5.11 | Fixed | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Experience Manager Forms on OSGi | | | Not Affected | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Adobe | Experience Manager Forms Workbench | | | Not Affected | [link](https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ADP | All | | | Unknown | [link](https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Advanced Micro Devices (AMD) | All | | | Not Affected | [link](https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-02-02 | -| Advanced Systems Concepts (formally Jscape) | Active MFT | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Advanced Systems Concepts (formally Jscape) | MFT | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Advanced Systems Concepts (formally Jscape) | MFT Gateway | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Advanced Systems Concepts (formally Jscape) | MFT Server | | | Unknown | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| AFAS Software | | | | Unknown | [link](https://help.afas.nl/vraagantwoord/NL/SE/120439.htm) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Advanced Systems Concepts (formally Jscape) | Active MFT | | | Not Affected | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Advanced Systems Concepts (formally Jscape) | MFT | | | Not Affected | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Advanced Systems Concepts (formally Jscape) | MFT Gateway | | | Not Affected | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Advanced Systems Concepts (formally Jscape) | MFT Server | | | Not Affected | [link](https://support.advsyscon.com/hc/en-us/articles/4413631831569) | This advisory is available to customers only and has not been reviewed by CISA | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | AFHCAN Global LLC | AFHCANcart | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AFHCAN Global LLC | AFHCANmobile | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AFHCAN Global LLC | AFHCANServer | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AFHCAN Global LLC | AFHCANsuite | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AFHCAN Global LLC | AFHCANupdate | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AFHCAN Global LLC | AFHCANweb | | | Not Affected | [link](https://afhcan.org/support.aspx) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Agilysys | | | | Unknown | [link](https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Akamai | SIEM Splunk Connector | All | | Affected | [link](https://splunkbase.splunk.com/app/4310/) | v1.4.11 is the new recommendation for mitigation of log4j vulnerabilities | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Alcatel | | | | Unknown | [link](https://dokuwiki.alu4u.com/doku.php?id=log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Alertus | | | | Unknown | [link](https://help.alertus.com/s/article/Security-Advisory-Log4Shell-Vulnerability?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Alexion | | | | Unknown | [link](https://alexion.nl/blog/alexion-crm-niet-vatbaar-voor-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Alfresco | | | | Unknown | [link](https://hub.alfresco.com/t5/alfresco-content-services-blog/cve-2021-44228-related-to-apache-log4j-security-advisory/ba-p/310717) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| AlienVault | | | | Unknown | [link](https://success.alienvault.com/s/article/are-USM-Anywhere-or-USM-Central-vulnerable-to-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Alphatron Medical | | | | Unknown | [link](https://www.alphatronmedical.com/home.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | Athena | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | AWS | | | Not Affected | | Notes: Amazon Linux 1 had aws apitools which were Java based but these were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Amazon | AWS API Gateway | | All | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Amazon | AWS CloudHSM | < 3.4.1. | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | AWS Connect | | All | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Vendors recommend evaluating components of the environment outside of the Amazon Connect service boundary, which may require separate/additional customer mitigation | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | -| Amazon | AWS DynamoDB | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Amazon | AWS EKS, ECS, Fargate | Unknown | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | To help mitigate the impact of the open-source Apache “Log4j2" utility (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch will require customer opt-in to use, and disables JNDI lookups from the Log4J2 library in customers’ containers. These updates are available as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, and will be in supported AWS Fargate platform versions | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Amazon | AWS ElastiCache | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Amazon | AWS ELB | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Amazon | AWS Inspector | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Amazon | AWS Kinesis Data Stream | Unknown | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | We are actively patching all sub-systems that use Log4j2 by applying updates. The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library (KPL) are not impacted. For customers using KCL 1.x, we have released an updated version and we strongly recommend that all KCL version 1.x customers upgrade to KCL version 1.14.5 (or higher) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Amazon | AWS Lambda | Unknown | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | AWS Lambda | Unknown | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | AWS RDS | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified in CVE-2021-44228 | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| Amazon | AWS S3 | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Amazon | AWS SNS | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon SNS systems that serve customer traffic are patched against the Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate separately from SNS’s systems that serve customer traffic | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Amazon | AWS SQS | | Unknown | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Amazon | CloudFront | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | CloudWatch | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | EC2 | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Amazon | ELB | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | KMS | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | OpenSearch | Unknown | | Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | RDS | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | Route 53 | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | S3 | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | Translate | | | Unknown | [link](https://aws.amazon.com/translate/) | Service not identified on [AWS Log4j Security Bulletin](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Amazon | VPC | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| AMD | All | | | Unknown | [link](https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034) | Currently, no AMD products have been identified as affected. AMD is continuing its analysis. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Anaconda | Anaconda | | | Not Affected | [link](https://docs.conda.io/projects/conda/en/latest/index.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Agilysys | All | | | Unknown | [link](https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ahsay | Mobile | | | Not Affected | [link](https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ahsay | Other products | | | Not Affected | [link](https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ahsay | PRD | | | Not Affected | [link](https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AIL | All | | | Not Affected | [link](https://twitter.com/ail_project/status/1470373644279119875) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Akamai | Enterprise Application Access (EAA) Connector | | | Not Affected | [link](https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Akamai | SIEM Integration Connector | | <1.7.4 | Fixed | [link](https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes) | Akamai SIEM Integration Connector is vulnerable to CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Akamai | SIEM Splunk Connector | | < 1.4.10 | Fixed | [link](https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes) | Akamai SIEM Integration Connector for Splunk is not vulnerable to CVE-2021-44228. Although it includes the vulnerable Log4J component, it is not used by the connector. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Alcatel | All | | | Unknown | [link](https://dokuwiki.alu4u.com/doku.php?id=log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Alertus | Console | | 5.15.0 | Fixed | [link](https://help.alertus.com/s/article/Security-Advisory-Log4Shell-Vulnerability?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Alexion | Alexion CRM | | | Not Affected | [link](https://alexion.nl/blog/alexion-crm-niet-vatbaar-voor-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Alfresco | Alfresco | | | Not Affected | [link](https://hub.alfresco.com/t5/alfresco-content-services-blog/cve-2021-44228-related-to-apache-log4j-security-advisory/ba-p/310717) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AlienVault | All | | | Unknown | [link](https://success.alienvault.com/s/article/are-USM-Anywhere-or-USM-Central-vulnerable-to-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Alphatron Medical | AmiSconnect | | | Not Affected | [link](https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Alphatron Medical | Custo Diagnostics | 5.4, 5.6 | | Affected | [link](https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Alphatron Medical | JiveX | | | Not Affected | [link](https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Alphatron Medical | Zorgbericht | | | Not Affected | [link](https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AMS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Work in progress, portion of customers may still be vulnerable. Actively monitoring this issue, and are working on addressing it for any AMS services which use Log4j2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | API Gateway | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | Athena | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | Athena JDBC Driver | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | All versions vended to customers were not affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | AWS | | | Not Affected | | Amazon Linux 1 had aws apitools which were Java based but these were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | AWS AppFlow | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | AWS AppSync | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | AWS Certificate Manager | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | AWS Certificate Manager Private CA | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | AWS CloudHSM | | < 3.4.1 | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | CloudHSM JCE SDK 3.4.1 or higher is not vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AWS CodeBuild | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AWS CodePipeline | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AWS Connect | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Vendors recommend evaluating components of the environment outside of the Amazon Connect service boundary, which may require separate/additional customer mitigation. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | +| Amazon | AWS Directory Service | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-23 | +| Amazon | AWS DynamoDB | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Amazon | AWS ECS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch will require customer opt-in to use, and disables JNDI lookups from the Log4J2 library in customers’ containers. These updates are available as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, and will be in supported AWS Fargate platform versions. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Amazon | AWS EKS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch will require customer opt-in to use, and disables JNDI lookups from the Log4J2 library in customers’ containers. These updates are available as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, and will be in supported AWS Fargate platform versions. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Amazon | AWS Elastic Beanstalk | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Default configuration of applications usage of Log4j versions is not vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Amazon | AWS ElastiCache | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Amazon | AWS ELB | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Amazon | AWS Fargate | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Opt-in hot-patch to mitigate the Log4j issue in JVM layer will be available as platform versions. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Amazon | AWS Glue | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Has been updated. Vulnerable only if ETL jobs load affected versions of Apache Log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Amazon | AWS Greengrass | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Updates for all Greengrass V2 components Stream Manager (2.0.14) and Secure Tunneling (1.0.6) are available. For Greengrass versions 1.10.x and 1.11.x, an update for the Stream Manager feature is included in Greengrass patch versions 1.10.5 and 1.11.5. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Amazon | AWS Inspector | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Amazon | AWS IoT SiteWise Edge | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Updates for all AWS IoT SiteWise Edge components that use Log4j were made available; OPC-UA collector (v2.0.3), Data processing pack (v2.0.14), and Publisher (v2.0.2). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Amazon | AWS Kinesis Data Streams | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | We are actively patching all sub-systems that use Log4j2 by applying updates. The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library (KPL) are not impacted. For customers using KCL 1.x, we have released an updated version and we strongly recommend that all KCL version 1.x customers upgrade to KCL version 1.14.5 (or higher). KCL 2.x, KCL 1.14.5 or higher, and KPL are not vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Amazon | AWS KMS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AWS Lambda | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | Vulnerable when using aws-lambda-java-log4j2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AWS Polly | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AWS QuickSight | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | AWS RDS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified in CVE-2021-44228. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Amazon | AWS S3 | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Amazon | AWS SDK | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Amazon | AWS Secrets Manager | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Amazon | AWS Service Catalog | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| Amazon | AWS SNS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon SNS systems that serve customer traffic are patched against the Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate separately from SNS’s systems that serve customer traffic. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Amazon | AWS SQS | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | AWS Systems Manager | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | AWS Systems Manager Agent | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | AWS Textract | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | Chime | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon Chime and Chime SDK services have been updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Cloud Directory | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | CloudFront | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | CloudWatch | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Cognito | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Corretto | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | 10/19 release distribution does not include Log4j. Vulnerable only if customers applications use affected versions of Apache Log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | DocumentDB | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | EC2 | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Packages for Amazon Linux 1 and 2 not affected, package for Amazon Linux 2022 is affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | ECR Public | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon-owned images published under a Verified Account on Amazon ECR Public are not affected by the Log4j issue. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | Elastic Load Balancing | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Services have been updated. All Elastic Load Balancers, as well as Classic, Application, Network and Gateway, are not affected by this Log4j issue. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | EMR | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Many customers are estimated to be vulnerable. Vulnerable only if affected EMR releases are used and untrusted sources are configured to be processed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | EventBridge | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Fraud Detector | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Inspector | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Inspector Classic | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Kafka (MSK) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Applying updates as required, portion of customers may still be vulnerable. Some MSK-specific service components use Log4j > 2.0.0 library and are being patched where needed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Kendra | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Keyspaces (for Apache Cassandra) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Kinesis | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Kinesis Data Analytics | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Lake Formation | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Update in progress, portion of customers may still be vulnerable. AWS Lake Formation service hosts are being updated to the latest version of Log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Lex | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Linux (AL1) | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | By default not vulnerable. Opt-in hot-patch to mitigate the Log4j in JVM layer issue is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Linux (AL2) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | By default not vulnerable, and a new version of Amazon Kinesis Agent which is part of AL2 addresses the Log4j issue. Opt-in hot-patch to mitigate the Log4j issue in JVM layer is available. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Lookout for Equipment | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Macie | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Macie Classic | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Managed Workflows for Apache Airflow (MWAA) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | MemoryDB for Redis | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Monitron | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | MQ | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Neptune | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | NICE | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Recommended to update EnginFrame or Log4j library. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | OpenSearch | | R20211203-P2 | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-005/) | Update released, customers need to update their clusters to the fixed release. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Pinpoint | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | RDS Aurora | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | RDS for Oracle | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Redshift | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Rekognition | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Route 53 | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | SageMaker | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Completed patching for the Apache Log4j2 issue (CVE-2021-44228). Vulnerable only if customers applications use affected versions of Apache Log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Simple Notification Service (SNS) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Systems that serve customer traffic are patched against the Log4j2 issue. Working to apply the patch to sub-systems that operate separately from SNSs systems that serve customer traffic. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Simple Queue Service (SQS) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Simple Workflow Service (SWF) | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Single Sign-On | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Step Functions | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Timestream | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | Translate | | | Not Affected | [link](https://aws.amazon.com/translate/) | Service not identified on [AWS Log4j Security Bulletin](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | VPC | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Amazon | WorkSpaces/AppStream 2.0 | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Not affected with default configurations. WorkDocs Sync client versions 1.2.895.1 and older within Windows WorkSpaces, which contain the Log4j component, are vulnerable; For update instruction, see source for more info. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AMD | All | | | Not Affected | [link](https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034) | Currently, no AMD products have been identified as affected. AMD is continuing its analysis. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| Anaconda | All | | | Not Affected | [link](https://docs.conda.io/projects/conda/en/latest/index.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| AOMEI | All | | | Not Affected | [link](https://www.aomeitech.com/forum/index.php?p=/discussion/7651/aomei-and-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Apache | ActiveMQ Artemis | | | Not Affected | [link](https://activemq.apache.org/news/cve-2021-44228) | ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 is included in the Hawtio-based web console application archive (i.e. [web/console.war/WEB-INF/lib](web/console.war/WEB-INF/lib)). Although this version of Log4j is not impacted by CVE-2021-44228 future versions of Artemis will be updated so that the Log4j jar is no longer included in the web console application archive. See [ARTEMIS-3612](https://issues.apache.org/jira/browse/ARTEMIS-3612) for more information on that task. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Apache | Airflow | | | Unknown | [link](https://github.com/apache/airflow/tree/main/airflow) | Airflow is written in Python | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Apache | Camel | 3.14.1.3.11.5, 3.7.7 | | Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | Apache Camel does not directly depend on Log4j 2, so we are not affected by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own applications, make sure to upgrade.Apache Camel does use log4j during testing itself, and therefore you can find that we have been using log4j v2.13.3 release in our latest LTS releases Camel 3.7.6, 3.11.4. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | -| Apache | Camel 2 | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Apache | Airflow | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Airflow is written in Python | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Archiva | | 2.2.6 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Fixed in 2.2.6. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Camel | | | Not Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | Apache Camel does not directly depend on Log4j 2, so we are not affected by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own applications, make sure to upgrade.Apache Camel does use log4j during testing itself, and therefore you can find that we have been using log4j v2.13.3 release in our latest LTS releases Camel 3.7.6, 3.11.4. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Apache | Camel 2 | | | Not Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | | Apache | Camel JBang | <=3.1.4 | | Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | -| Apache | Camel K | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | -| Apache | Camel Karaf | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | The Karaf team is aware of this and are working on a new Karaf 4.3.4 release with updated log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | -| Apache | Camel Quarkus | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | -| Apache | CamelKafka Connector | | | Unknown | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | -| Apache | Druid | < druid 0.22.0 | | Affected | [link](https://github.com/apache/druid/releases/tag/druid-0.22.1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | -| Apache | Flink | | < 1.14.2, 1.13.5, 1.12.7, 1.11.6 | Fixed | [link](https://flink.apache.org/2021/12/10/log4j-cve.html) | To clarify and avoid confusion: The 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped because CVE-2021-45046 was discovered during the release publication. The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046. | [https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | -| Apache | Kafka | | | Not Affected | [link](https://kafka.apache.org/cve-list) | The current DB lists Apache Kafka as impacted. Apache Kafka uses Log4jv1, not v2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Apache | Kafka | Unknown | | Affected | [link](https://logging.apache.org/log4j/2.x/security.html) | Only vulnerable in certain configuration(s) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Apache | Log4j | < 2.15.0 | | Affected | [link](https://logging.apache.org/log4j/2.x/security.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Apache | Solr | | 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 | Fixed | [link](https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228) | Update to 8.11.1 or apply fixes as described in Solr security advisory | [Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| Apache | Struts 2 | Versions before 2.5.28.1 | | Affected | [link](https://struts.apache.org/announce-2021) | The Apache Struts group is pleased to announce that Struts 2.5.28.1 is available as a “General Availability” release. The GA designation is our highest quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by using the latest Log4j 2.12.2 version (Java 1.7 compatible). | [Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Apache | Tomcat | 9.0.x | | Affected | [link](https://tomcat.apache.org/security-9.html) | Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications deployed on Apache Tomcat may have a dependency on log4j. You should seek support from the application vendor in this instance. It is possible to configure Apache Tomcat 9.0.x to use log4j 2.x for Tomcat's internal logging. This requires explicit configuration and the addition of the log4j 2.x library. Anyone who has switched Tomcat's internal logging to log4j 2.x is likely to need to address this vulnerability. In most cases, disabling the problematic feature will be the simplest solution. Exactly how to do that depends on the exact version of log4j 2.x being used. Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Apache | Camel K | | | Not Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Apache | Camel Kafka Connector | | | Not Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Apache | Camel Karaf | | | Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | The Karaf team is aware of this and are working on a new Karaf 4.3.4 release with updated log4j. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Apache | Camel Quarkus | | | Not Affected | [link](https://camel.apache.org/blog/2021/12/log4j2/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Apache | Cassandra | | | Not Affected | [link](https://lists.apache.org/thread/2rngylxw8bjos6xbo1krp29m9wn2hhdr) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-13 | +| Apache | Druid | | 0.22.1 | Fixed | [link](https://github.com/apache/druid/releases/tag/druid-0.22.1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | +| Apache | Dubbo | | All | Fixed | [link](https://github.com/apache/dubbo/issues/9380) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | +| Apache | Flink | | 1.15.0, 1.14.2, 1.13.5, 1.12.7, 1.11.6 | Fixed | [link](https://flink.apache.org/2021/12/10/log4j-cve.html) | To clarify and avoid confusion, the 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped because CVE-2021-45046 was discovered during the release publication. The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046. | [https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-12 | +| Apache | Fortress | | < 2.0.7 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Fixed in 2.0.7. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | Geode | | 1.14.0 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Fixed in 1.12.6, 1.13.5, 1.14.1. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | Guacamole | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | Hadoop | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | HBase | | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | Hive | | 4.x | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | James | 3.6.0 | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | Jena | | < 4.3.1 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | JMeter | All | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | JSPWiki | | 2.11.1 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | Kafka | | | Not Affected | [link](https://kafka.apache.org/cve-list) | Uses Log4j 1.2.17. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Apache | Log4j 1.x | | | Not Affected | [link](https://logging.apache.org/log4j/2.x/security.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Log4j 2.x | 2.17.1 | | Affected | [link](https://logging.apache.org/log4j/2.x/security.html) | Fixed in Log4j 2.17.1 (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Maven | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | NiFi | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Fixed in 1.15.1, 1.16.0. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | OFBiz | | < 18.12.03 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Ozone | | < 1.2.1 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Fixed in 1.15.1, 1.16.0. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | SkyWalking | | < 8.9.1 | Fixed | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | SOLR | | 7.4.0 to 7.7.3, 8.0.0 to 8.11.0 | Fixed | [link](https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228) | Fixed in 8.11.1, Versions before 7.4 also vulnerable when using several configurations. | [Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Apache | Spark | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | Uses log4j 1.x | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Struts | 2.5.28 | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Struts 2 | | Versions before 2.5.28.1 | Fixed | [link](https://struts.apache.org/announce-2021) | The Apache Struts group is pleased to announce that Struts 2.5.28.1 is available as a General Availability release. The GA designation is our highest quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by using the latest Log4j 2.12.2 version (Java 1.7 compatible). | [Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Apache | Tapestry | 5.7.3 | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Tika | 2.0.0 and up | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | Tomcat | | | Unknown | [link](https://tomcat.apache.org/security-9.html) | Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications deployed on Apache Tomcat may have a dependency on log4j. You should seek support from the application vendor in this instance. It is possible to configure Apache Tomcat 9.0.x to use log4j 2.x for Tomcats internal logging. This requires explicit configuration and the addition of the log4j 2.x library. Anyone who has switched Tomcats internal logging to log4j 2.x is likely to need to address this vulnerability. In most cases, disabling the problematic feature will be the simplest solution. Exactly how to do that depends on the exact version of log4j 2.x being used. Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Apache | TrafficControl | | | Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apache | ZooKeeper | | | Not Affected | [link](https://blogs.apache.org/security/entry/cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | APC by Schneider Electric | Powerchute Business Edition | | v9.5, v10.0.1, v10.0.2, v10.0.3, v10.0.4 | Fixed | [link](https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345) | Mitigation instructions to remove the affected class. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | APC by Schneider Electric | Powerchute Network Shutdown | | 4.2, 4.3, 4.4, 4.4.1 | Fixed | [link](https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345) | Mitigation instructions to remove the affected class. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| Apereo | CAS | 6.3.x & 6.4.x | | Affected | [link](https://apereo.github.io/2021/12/11/log4j-vuln/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Apereo | Opencast | < 9.10, < 10.6 | | Affected | [link](https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Apigee | | | | Unknown | [link](https://status.apigee.com/incidents/3cgzb0q2r10p) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Apollo | | | | Unknown | [link](https://community.apollographql.com/t/log4j-vulnerability/2214) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Appdynamics | | | | Unknown | [link](https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Appeon | PowerBuilder | Appeon PowerBuilder 2017-2021 regardless of product edition | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| AppGate | | | | Unknown | [link](https://www.appgate.com/blog/appgate-sdp-unaffected-by-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apereo | CAS | | 6.3.x, 6.4.x | Fixed | [link](https://apereo.github.io/2021/12/11/log4j-vuln/) | Other versions still in active maintainance might need manual inspection. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apereo | Opencast | | < 9.10, < 10.6 | Fixed | [link](https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apigee | Edge and OPDK products | | | Not Affected | [link](https://status.apigee.com/incidents/3cgzb0q2r10p) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Apollo | All | | | Unknown | [link](https://community.apollographql.com/t/log4j-vulnerability/2214) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Appdynamics | All | | | Unknown | [link](https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Appeon | PowerBuilder | Appeon PowerBuilder 2017-2021 regardless of product edition | | Affected | [link](https://community.appeon.com/index.php/qna/q-a/apache-log4j-security-vulnerabilities) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| AppGate | All | | | Unknown | [link](https://www.appgate.com/blog/appgate-sdp-unaffected-by-log4j-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Appian | Appian Platform | | All | Fixed | [link](https://community.appian.com/support/w/kb/2511/kb-2204-information-about-the-log4j2-security-vulnerabilities-cve-2021-44228-cve-2021-45046) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Application Performance Ltd | DBMarlin | Not Affected | | Affected | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Application Performance Ltd | DBMarlin | | | Unknown | [link](https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | -| APPSHEET | | | | Unknown | [link](https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Aptible | Aptible | ElasticSearch 5.x | | Affected | [link](https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Aqua Security | | | | Unknown | [link](https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Arbiter Systems | All | | | Unknown | [link](https://www.arbiter.com/news/index.php?id=4403) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| APPSHEET | All | | | Unknown | [link](https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aptible | All | | Search 5.x | Fixed | [link](https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aqua Security | All | | | Unknown | [link](https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arbiter Systems | All | | | Not Affected | [link](https://www.arbiter.com/news/index.php?id=4403) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | ARC Informatique | All | | | Not Affected | [link](https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-13 | -| Arca Noae | | | | Unknown | [link](https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arca Noae | All | | | Unknown | [link](https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Arcserve | Arcserve Backup | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Arcserve | Arcserve Continuous Availability | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Arcserve | Arcserve Email Archiving | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | @@ -138,64 +277,102 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Arcserve | ShadowXafe | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Arcserve | Solo | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Arcserve | StorageCraft OneXafe | | | Not Affected | [link](https://support.storagecraft.com/s/article/Log4J-Update) | | [https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| ArcticWolf | | | | Unknown | [link](https://arcticwolf.com/resources/blog/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Arduino | | | | Unknown | [link](https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Ariba | | | | Unknown | [link](https://connectsupport.ariba.com/sites#announcements-display&/Event/908469) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Arista | | | | Unknown | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Aruba Networks | | | | Unknown | [link](https://asp.arubanetworks.com/notifications/Tm90aWZpY2F0aW9uOjEwMTQ0;notificationCategory=Security) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Ataccama | | | | Unknown | [link](https://www.ataccama.com/files/log4j2-vulnerability-cve-2021-44228-fix.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atera | | | | Unknown | [link](https://www.reddit.com/r/atera/comments/rh7xb1/apache_log4j_2_security_advisory_update/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atlassian | Bamboo Server & Data Center | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atlassian | Bitbucket Server & Data Center | All | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product is not vulnerable to remote code execution but may leak information due to the bundled Elasticsearch component being vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atlassian | Confluence Server & Data Center | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atlassian | Crowd Server & Data Center | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atlassian | Crucible | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atlassian | Fisheye | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Atlassian | Jira Server & Data Center | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Attivo networks | | | | Unknown | [link](https://www.attivonetworks.com/wp-content/uploads/2021/12/Log4j_Vulnerability-Advisory-211213-4.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| ArcticWolf | All | | | Unknown | [link](https://arcticwolf.com/resources/blog/log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arduino | IDE | | 1.8.17 | Fixed | [link](https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ariba | All | | | Unknown | [link](https://connectsupport.ariba.com/sites#announcements-display&/Event/908469) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arista | Analytics Node for Converged Cloud Fabric | >7.0.0 | | Affected | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | Formerly Big Cloud Fabric | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arista | Analytics Node for DANZ Monitoring Fabric | >7.0.0 | | Affected | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | Formerly Big Monitoring Fabric | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arista | CloudVision Portal | >2019.1.0 | | Affected | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arista | CloudVision Wi-Fi, virtual or physical appliance | >8.8 | | Affected | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Arista | Embedded Analytics for Converged Cloud Fabric | >5.3.0 | | Affected | [link](https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070) | Formerly Big Cloud Fabric | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | AirWave Management Platform | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Analytics and Location Engine | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | ArubaOS SD-WAN Gateways | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | ArubaOS Wi-Fi Controllers and Gateways | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | ArubaOS-CX Switches | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | ArubaOS-S Switches | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Central | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Central On-Prem | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | ClearPass Policy Manager | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | EdgeConnect | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Fabric Composer (AFC) | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | HP ProCurve Switches | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Instant | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Instant Access Points | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Instant On | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | IntroSpect | | Versions 2.5.0.0 to 2.5.0.6 | Fixed | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Legacy GMS Products | | | Fixed | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Legacy NX | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Legacy VRX | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Legacy VX | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | NetEdit | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Plexxi Composable Fabric Manager (CFM) | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | Silver Peak Orchestrator | | | Fixed | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | User Experience Insight (UXI) | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Aruba Networks | VIA Clients | | | Not Affected | [link](https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Ataccama | All | | | Unknown | [link](https://www.ataccama.com/files/log4j2-vulnerability-cve-2021-44228-fix.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atera | All | | | Unknown | [link](https://www.reddit.com/r/atera/comments/rh7xb1/apache_log4j_2_security_advisory_update/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Bamboo Server & Data Center | On Prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | Only vulnerable when using non-default config, cloud version fixed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Bitbucket Server & Data Center | | On prem | Fixed | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product is not vulnerable to remote code execution but may leak information due to the bundled Elasticsearch component being vulnerable. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence Server & Data Center | On prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | Only vulnerable when using non-default config, cloud version fixed. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS CSAT Pro | v1.7.1 | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS WorkBench | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS-CAT Lite | v4.13.0 | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS-CAT Pro Assessor v3 Full and Dissolvable | v3.0.77 | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS-CAT Pro Assessor v4 | v4.13.0 | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS-CAT Pro Assessor v4 Service | v1.13.0 | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS-CAT Pro Dashboard | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Confluence-CIS-Hosted CSAT | | | Not Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Crowd Server & Data Center | On prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Crucible | On prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Fisheye | On prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Atlassian | Jira Server & Data Center | On prem | | Affected | [link](https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html) | This product may be affected by a related but lower severity vulnerability if running in a specific non-default configuration. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Attivo Networks | All | | | Unknown | [link](https://www.attivonetworks.com/wp-content/uploads/2021/12/Log4j_Vulnerability-Advisory-211213-4.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Atvise | All | | | Not Affected | [link](https://www.atvise.com/en/articles/at-log4j-sicherheitsluecke-atvise-produkte-und-terminals-nicht-betroffen) | The security vulnerability does NOT affect our applications and products or pose any threat. This applies to all Bachmann applications and products, including atvise solutions. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-17 | -| AudioCodes | | | | Unknown | [link](https://services.audiocodes.com/app/answers/kbdetail/a_id/2225) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Autodesk | | | | Unknown | [link](https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/CVE-2021-44228.html) | Autodesk is continuing to perform a thorough investigation in relation to the recently discovered Apache Log4j security vulnerabilities. We continue to implement several mitigating factors for our products including patching, network firewall blocks, and updated detection signatures to reduce the threat of this vulnerability and enhance our ability to quickly respond to potential malicious activity. We have not identified any compromised systems in the Autodesk environment due to this vulnerability, at this time. This is an ongoing investigation and we will provide updates on the [Autodesk Trust Center as we learn more](https://www.autodesk.com/trust/overview). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Automox | | | | Unknown | [link](https://blog.automox.com/log4j-critical-vulnerability-scores-a-10) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Autopsy | | | | Unknown | [link](https://www.autopsy.com/autopsy-and-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Auvik | | | | Unknown | [link](https://status.auvik.com/incidents/58bfngkz69mj) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Avantra SYSLINK | | | | Unknown | [link](https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AudioCodes | All | | | Unknown | [link](https://services.audiocodes.com/app/answers/kbdetail/a_id/2225) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Autodesk | All | | | Unknown | [link](https://knowledge.autodesk.com/support/autocad/troubleshooting/caas/sfdcarticles/sfdcarticles/CVE-2021-44228.html) | Autodesk is continuing to perform a thorough investigation in relation to the recently discovered Apache Log4j security vulnerabilities. We continue to implement several mitigating factors for our products including patching, network firewall blocks, and updated detection signatures to reduce the threat of this vulnerability and enhance our ability to quickly respond to potential malicious activity. We have not identified any compromised systems in the Autodesk environment due to this vulnerability, at this time. This is an ongoing investigation and we will provide updates on the [Autodesk Trust Center as we learn more](https://www.autodesk.com/trust/overview). | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Automation Anywhere | Automation 360 Cloud | | | Fixed | [link](https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Automation Anywhere | Automation 360 On Premise | | | Fixed | [link](https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Automation Anywhere | Automation Anywhere | | 11.x, <11.3x | Fixed | [link](https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Automox | All | | | Unknown | [link](https://blog.automox.com/log4j-critical-vulnerability-scores-a-10) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Autopsy | All | | | Unknown | [link](https://www.autopsy.com/autopsy-and-log4j-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Auvik | All | | | Unknown | [link](https://status.auvik.com/incidents/58bfngkz69mj) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Avantra SYSLINK | All | | | Unknown | [link](https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Avaya | Avaya Analytics | 3.5, 3.6, 3.6.1, 3.7, 4 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura for OneCloud Private | | | Unknown | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | Avaya is scanning and monitoring its OneCloud Private environments as part of its management activities. Avaya will continue to monitor this fluid situation and remediations will be made as patches become available, in accordance with appropriate change processes. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Application Enablement Services | 8.1.3.2, 8.1.3.3, 10.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020551u](https://download.avaya.com/css/public/documents/101079386) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Contact Center | 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Device Services | 8, 8.1, 8.1.4, 8.1.5 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Device Services | 8.0.1, 8.0.2, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Media Server | 8.0.0, 8.0.1, 8.0.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020549u](https://download.avaya.com/css/secure/documents/101079316) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Presence Services | 10.1, 7.1.2, 8, 8.0.1, 8.0.2, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Session Manager | 10.1, 7.1.3, 8, 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020550u](https://download.avaya.com/css/public/documents/101079384) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® System Manager | 10.1, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN005565u](https://download.avaya.com/css/secure/documents/101079390) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Aura® Web Gateway | 3.11[P], 3.8.1[P], 3.8[P], 3.9.1 [P], 3.9[P] | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Breeze™ | 3.7, 3.8, 3.8.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura Application Enablement Services | 8.1.3.2, 8.1.3.3, 10.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020551u](https://download.avaya.com/css/public/documents/101079386) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura Contact Center | 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura Device Services | 8, 8.0.1, 8.0.2, 8.1, 8.1.3, 8.1.4, 8.1.5 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura for OneCloud Private | | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | Avaya is scanning and monitoring its OneCloud Private environments as part of its management activities. Avaya will continue to monitor this fluid situation and remediations will be made as patches become available, in accordance with appropriate change processes. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura Media Server | 8.0.0, 8.0.1, 8.0.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020549u](https://download.avaya.com/css/secure/documents/101079316) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura Presence Services | 10.1, 7.1.2, 8, 8.0.1, 8.0.2, 8.1, 8.1.1, 8.1.2, 8.1.3, 8.1.4 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura Session Manager | 10.1, 7.1.3, 8, 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020550u](https://download.avaya.com/css/public/documents/101079384) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura System Manager | 10.1, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN005565u](https://download.avaya.com/css/secure/documents/101079390) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Aura Web Gateway | 3.11[P], 3.8.1[P], 3.8[P], 3.9.1[P], 3.9[P] | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Breeze | 3.7, 3.8, 3.8.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Contact Center Select | 7.0.2, 7.0.3, 7.1, 7.1.1, 7.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya CRM Connector - Connected Desktop | 2.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Device Enablement Service | 3.1.22 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Meetings | 9.1.10, 9.1.11, 9.1.12 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya one cloud private -UCaaS - Mid Market Aura | 1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya OneCloud-Private | 2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya OneCloud-Private-UCaaS - Mid Market Aura | 1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Session Border Controller for Enterprise | 8.0.1, 8.1, 8.1.1, 8.1.2, 8.1.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | [PSN020554u](https://download.avaya.com/css/public/documents/101079394) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Avaya Social Media Hub | | | Unknown | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Avaya Social Media Hub | | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Avaya Workforce Engagement | 5.3 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Business Rules Engine | 3.4, 3.5, 3.6, 3.7 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Callback Assist | 5, 5.0.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Control Manager | 9.0.2, 9.0.2.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Device Enrollment Service | 3.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | Equinox™ Conferencing | 9.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | Equinox Conferencing | 9.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Interaction Center | 7.3.9 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| Avaya | IP Office™ Platform | 11.0.4, 11.1, 11.1.1, 11.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | +| Avaya | IP Office Platform | 11.0.4, 11.1, 11.1.1, 11.1.2 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | | Avaya | Proactive Outreach Manager | 3.1.2, 3.1.3, 4, 4.0.1 | | Affected | [link](https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-14 | -| AVEPOINT | | | | Unknown | [link](https://www.avepoint.com/company/java-zero-day-vulnerability-notification) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| AVM | | | | Unknown | [link](https://avm.de/service/aktuelle-sicherheitshinweise/#Schwachstelle%20im%20Java-Projekt%20%E2%80%9Elog4j%E2%80%9C) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| AvTech RoomAlert | | | | Unknown | [link](https://avtech.com/articles/23124/java-exploit-room-alert-link/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| AWS New | | | | Unknown | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| AXON | | | | Unknown | [link](https://my.axon.com/s/trust/response-to-log4j2-vuln?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| AXS Guard | | | | Unknown | [link](https://www.axsguard.com/en_US/blog/security-news-4/log4j-vulnerability-77) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Axways Applications | | | | Unknown | [link](https://support.axway.com/news/1331/lang/en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AVEPOINT | All | | | Unknown | [link](https://www.avepoint.com/company/java-zero-day-vulnerability-notification) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AVM | All | | | Not Affected | [link](https://avm.de/service/aktuelle-sicherheitshinweise/#Schwachstelle%20im%20Java-Projekt%20%E2%80%9Elog4j%E2%80%9C) | devices, firmware, software incl. MyFritz Service. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AvTech RoomAlert | All | | | Unknown | [link](https://avtech.com/articles/23124/java-exploit-room-alert-link/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AXIS | OS | | | Not Affected | [link](https://help.axis.com/axis-os) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AXON | All | | | Unknown | [link](https://my.axon.com/s/trust/response-to-log4j2-vuln?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| AXS Guard | All | | | Unknown | [link](https://www.axsguard.com/en_US/blog/security-news-4/log4j-vulnerability-77) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Axways Applications | All | | | Unknown | [link](https://support.axway.com/news/1331/lang/en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | B&R Industrial Automation | APROL | | | Unknown | [link](https://www.br-automation.com/downloads_br_productcatalogue/assets/1639507581859-en-original-1.0.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | | BackBox | | | | Unknown | [link](https://updates.backbox.com/V6.5/Docs/CVE-2021-44228.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Balbix | | | | Unknown | [link](https://www.balbix.com/blog/broad-exposure-to-log4shell-cve-2021-44228-highlights-how-the-attack-surface-has-exploded/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 54e5782..7f791b8 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -186,7 +186,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: ABB - product: '' + product: AlarmInsight Cloud cves: cve-2021-4104: investigated: false @@ -194,10 +194,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -209,13 +210,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://search.abb.com/library/Download.aspx?DocumentID=9ADB012621&LanguageCode=en&DocumentPartId=&Action=Launch + - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ABB - product: ABB Remote Service + product: B&R Products cves: cve-2021-4104: investigated: false @@ -224,10 +225,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - ABB Remote Platform (RAP) + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -238,13 +239,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: ABB - product: AlarmInsight Cloud + product: Remote Service cves: cve-2021-4104: investigated: false @@ -252,10 +254,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - AlarmInsight KPI Dashboards 1.0.0 - fixed_versions: [] + investigated: true + affected_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -267,13 +269,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://library.e.abb.com/public/33d17fce257142a9bc12de09d5b03e4f/9ADB012621_CyberSecurityNotification_Log4Shell_Vulnerabilities_RevE.pdf?x-sign=FsPI10PMyN3QM7OoR2bIwFRdFmC/BCX+5CZVPKdq2/rx0Nh8iHMAwluUVEaTFDjt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ABB - product: B&R Products + - vendor: Abbott + product: All cves: cve-2021-4104: investigated: false @@ -282,8 +285,7 @@ software: unaffected_versions: [] cve-2021-44228: investigated: false - affected_versions: - - See Vendor Advisory + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -297,13 +299,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.br-automation.com/downloads_br_productcatalogue/assets/1639507581859-en-original-1.0.pdf - notes: '' + - https://www.abbott.com/policies/cybersecurity/apache-Log4j.html + notes: Details are shared with customers with an active RAP subscription. references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-15T00:00:00' - vendor: Abbott - product: '' + product: GLP Track System cves: cve-2021-4104: investigated: false @@ -311,8 +313,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - Track Sample Manager (TSM) + - Track Workflow Manager (TWM) fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -327,12 +331,13 @@ software: unaffected_versions: [] vendor_links: - https://www.abbott.com/policies/cybersecurity/apache-Log4j.html - notes: '' + notes: Abbott will provide a fix for this in a future update expected in January + 2022. references: - '' last_updated: '2021-12-15T00:00:00' - vendor: Abnormal Security - product: Abnormal Security + product: All cves: cve-2021-4104: investigated: false @@ -340,10 +345,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -360,8 +366,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Accellence - product: '' + - vendor: Accellence Technologies + product: EBÜS cves: cve-2021-4104: investigated: false @@ -369,10 +375,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.accellence.de/en/articles/cve-2021-44228-62 + notes: EBÜS itself is not vulnerable to CVE-2021-44228. Although it includes several + 3rd-party software setups, which may be affected. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accellence Technologies + product: Vimacc + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -384,7 +422,7 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.accellence.de/en/articles/national-vulnerability-database-62 + - https://www.accellence.de/en/articles/cve-2021-44228-62 notes: '' references: - '' @@ -415,17 +453,17 @@ software: unaffected_versions: [] vendor_links: - https://www.kiteworks.com/kiteworks-news/log4shell-apache-vulnerability-what-kiteworks-customers-need-to-know/ - notes: '"As a precaution, Kiteworks released a 7.6.1 Hotfix software update to - address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 + notes: As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address + the vulnerability. This patch release adds the mitigation for CVE-2021-44228 contained in the Solr package as recommended by Apache Solr group. Specifically, it updates the Log4j library to a non-vulnerable version on CentOS 7 systems - as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true” - to disable the possible attack vector on both CentOS 6 and CentOS 7."' + as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true" + to disable the possible attack vector on both CentOS 6 and CentOS 7. references: - '' last_updated: '2021-12-16T00:00:00' - - vendor: Acquia - product: '' + - vendor: Accruent + product: Analytics cves: cve-2021-4104: investigated: false @@ -433,9 +471,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -448,13 +487,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.acquia.com/hc/en-us/articles/4415823329047-Apache-log4j-CVE-2021-44228 + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Acronis - product: '' + - vendor: Accruent + product: Asset Enterprise cves: cve-2021-4104: investigated: false @@ -462,10 +501,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -477,13 +517,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://security-advisory.acronis.com/advisories/SEC-3859 + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ActiveState - product: '' + - vendor: Accruent + product: BigCenter cves: cve-2021-4104: investigated: false @@ -491,9 +531,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -506,13 +547,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.activestate.com/blog/activestate-statement-java-log4j-vulnerability/ + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Adaptec - product: '' + - vendor: Accruent + product: EMS cves: cve-2021-4104: investigated: false @@ -520,10 +561,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -535,13 +577,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://ask.adaptec.com/app/answers/detail/a_id/17523/kw/log4j + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Addigy - product: '' + - vendor: Accruent + product: Evoco cves: cve-2021-4104: investigated: false @@ -549,9 +591,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -564,13 +607,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://addigy.com/blog/addigy-and-apaches-log4j2-cve-2021-44228-status/ + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Adeptia - product: '' + - vendor: Accruent + product: Expesite cves: cve-2021-4104: investigated: false @@ -578,9 +621,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -593,13 +637,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Adobe ColdFusion - product: '' + - vendor: Accruent + product: Famis 360 cves: cve-2021-4104: investigated: false @@ -607,9 +651,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -622,13 +667,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://helpx.adobe.com/coldfusion/kb/log4j-vulnerability-coldfusion.html + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: ADP - product: '' + - vendor: Accruent + product: Lucernex cves: cve-2021-4104: investigated: false @@ -636,9 +681,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -651,16 +697,16 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Advanced Micro Devices (AMD) - product: All + - vendor: Accruent + product: Maintenance Connection cves: cve-2021-4104: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -669,25 +715,25 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: '' + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 + - https://www.accruent.com/apache_log4j notes: '' references: - '' - last_updated: '2022-02-02T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: Active MFT + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Meridian cves: cve-2021-4104: investigated: false @@ -695,9 +741,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -710,14 +757,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.accruent.com/apache_log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: MFT + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Single Sign On (SSO, Central Auth) cves: cve-2021-4104: investigated: false @@ -725,10 +771,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -740,14 +787,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.accruent.com/apache_log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: MFT Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: SiteFM3 cves: cve-2021-4104: investigated: false @@ -755,9 +801,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -770,14 +817,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.accruent.com/apache_log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Advanced Systems Concepts (formally Jscape) - product: MFT Server + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: SiteFM4 cves: cve-2021-4104: investigated: false @@ -785,9 +831,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -800,14 +847,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.advsyscon.com/hc/en-us/articles/4413631831569 - notes: This advisory is available to customers only and has not been reviewed - by CISA + - https://www.accruent.com/apache_log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: AFAS Software - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Accruent + product: Siterra cves: cve-2021-4104: investigated: false @@ -815,9 +861,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -830,13 +877,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.afas.nl/vraagantwoord/NL/SE/120439.htm + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANcart + - vendor: Accruent + product: TMS cves: cve-2021-4104: investigated: false @@ -848,7 +895,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -860,13 +907,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANmobile + - vendor: Accruent + product: VxField cves: cve-2021-4104: investigated: false @@ -878,7 +925,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 8.0.7 - 8.4.3 + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -890,13 +937,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANServer + - vendor: Accruent + product: VxMaintain cves: cve-2021-4104: investigated: false @@ -906,9 +953,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -920,13 +967,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANsuite + - vendor: Accruent + product: VxObserve cves: cve-2021-4104: investigated: false @@ -936,9 +983,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -950,13 +997,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANupdate + - vendor: Accruent + product: VxSustain cves: cve-2021-4104: investigated: false @@ -966,9 +1013,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -980,13 +1027,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://www.accruent.com/apache_log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AFHCAN Global LLC - product: AFHCANweb + - vendor: Acquia + product: All cves: cve-2021-4104: investigated: false @@ -994,11 +1041,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - 8.0.7 - 8.4.3 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1010,13 +1056,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://afhcan.org/support.aspx + - https://support.acquia.com/hc/en-us/articles/4415823329047-Apache-log4j-CVE-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Agilysys - product: '' + - vendor: Acronis + product: Backup cves: cve-2021-4104: investigated: false @@ -1024,10 +1070,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '11.7' cve-2021-45046: investigated: false affected_versions: [] @@ -1039,13 +1086,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Akamai - product: SIEM Splunk Connector + - vendor: Acronis + product: Cyber Backup cves: cve-2021-4104: investigated: false @@ -1054,10 +1101,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '12.5' cve-2021-45046: investigated: false affected_versions: [] @@ -1069,13 +1116,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://splunkbase.splunk.com/app/4310/ - notes: v1.4.11 is the new recommendation for mitigation of log4j vulnerabilities + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Alcatel - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acronis + product: Cyber Files cves: cve-2021-4104: investigated: false @@ -1083,10 +1130,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.6.2 onwards cve-2021-45046: investigated: false affected_versions: [] @@ -1098,13 +1146,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://dokuwiki.alu4u.com/doku.php?id=log4j + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Alertus - product: '' + - vendor: Acronis + product: Cyber Infrastructure cves: cve-2021-4104: investigated: false @@ -1112,10 +1160,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '3.5' + - 4.x cve-2021-45046: investigated: false affected_versions: [] @@ -1127,13 +1177,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://help.alertus.com/s/article/Security-Advisory-Log4Shell-Vulnerability?language=en_US + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Alexion - product: '' + - vendor: Acronis + product: Cyber Protect cves: cve-2021-4104: investigated: false @@ -1141,10 +1191,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '15' cve-2021-45046: investigated: false affected_versions: [] @@ -1156,13 +1207,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://alexion.nl/blog/alexion-crm-niet-vatbaar-voor-log4shell + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Alfresco - product: '' + - vendor: Acronis + product: Cyber Protection Home Office cves: cve-2021-4104: investigated: false @@ -1170,10 +1221,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 2017 onwards cve-2021-45046: investigated: false affected_versions: [] @@ -1185,13 +1237,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://hub.alfresco.com/t5/alfresco-content-services-blog/cve-2021-44228-related-to-apache-log4j-security-advisory/ba-p/310717 + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AlienVault - product: '' + - vendor: Acronis + product: DeviceLock DLP cves: cve-2021-4104: investigated: false @@ -1199,10 +1251,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '9.0' cve-2021-45046: investigated: false affected_versions: [] @@ -1214,13 +1267,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://success.alienvault.com/s/article/are-USM-Anywhere-or-USM-Central-vulnerable-to-CVE-2021-44228 + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Alphatron Medical - product: '' + - vendor: Acronis + product: Files Connect cves: cve-2021-4104: investigated: false @@ -1228,10 +1281,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 10.7 onwards cve-2021-45046: investigated: false affected_versions: [] @@ -1243,13 +1297,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.alphatronmedical.com/home.html + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: Athena + - vendor: Acronis + product: MassTransit cves: cve-2021-4104: investigated: false @@ -1257,10 +1311,12 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '8.1' + - '8.2' cve-2021-45046: investigated: false affected_versions: [] @@ -1272,13 +1328,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://security-advisory.acronis.com/advisories/SEC-3859 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: AWS + - vendor: Acronis + product: Snap Deploy cves: cve-2021-4104: investigated: false @@ -1290,8 +1346,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Linux 1 - - '2' + - '5' + - '6' cve-2021-45046: investigated: false affected_versions: [] @@ -1302,16 +1358,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: 'Notes: Amazon Linux 1 had aws apitools which were Java based but these - were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). - AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 - and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2' + vendor_links: + - https://security-advisory.acronis.com/advisories/SEC-3859 + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Amazon - product: AWS API Gateway + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: ActiveState + product: All cves: cve-2021-4104: investigated: false @@ -1319,10 +1373,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - All + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1335,13 +1388,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.activestate.com/blog/activestate-statement-java-log4j-vulnerability/ notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Amazon - product: AWS CloudHSM + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: '360' cves: cve-2021-4104: investigated: false @@ -1350,10 +1403,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 3.4.1. + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1365,13 +1418,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: AWS Connect + - vendor: Acunetix + product: Agents cves: cve-2021-4104: investigated: false @@ -1381,9 +1434,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - All - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1395,15 +1448,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Vendors recommend evaluating components of the environment outside of the - Amazon Connect service boundary, which may require separate/additional customer - mitigation + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' references: - '' - last_updated: '2021-12-23T00:00:00' - - vendor: Amazon - product: AWS DynamoDB + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: Application cves: cve-2021-4104: investigated: false @@ -1413,9 +1464,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1427,13 +1478,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Amazon - product: AWS EKS, ECS, Fargate + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST - ASP.NET cves: cve-2021-4104: investigated: false @@ -1442,10 +1493,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1457,19 +1508,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: To help mitigate the impact of the open-source Apache “Log4j2" utility - (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, - Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). - This hot-patch will require customer opt-in to use, and disables JNDI lookups - from the Log4J2 library in customers’ containers. These updates are available - as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes - users on AWS, and will be in supported AWS Fargate platform versions + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Amazon - product: AWS ElastiCache + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST - NodeJS cves: cve-2021-4104: investigated: false @@ -1479,9 +1524,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1493,13 +1538,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Amazon - product: AWS ELB + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST - PHP cves: cve-2021-4104: investigated: false @@ -1509,9 +1554,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1523,13 +1568,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ notes: '' references: - '' - last_updated: '2021-12-16T00:00:00' - - vendor: Amazon - product: AWS Inspector + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Acunetix + product: IAST-Java cves: cve-2021-4104: investigated: false @@ -1540,7 +1585,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -1553,13 +1598,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ + notes: AcuSensor IAST module needs attention. references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Amazon - product: AWS Kinesis Data Stream + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adaptec + product: All cves: cve-2021-4104: investigated: false @@ -1567,9 +1612,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Unknown + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1583,17 +1627,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: We are actively patching all sub-systems that use Log4j2 by applying updates. - The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library - (KPL) are not impacted. For customers using KCL 1.x, we have released an updated - version and we strongly recommend that all KCL version 1.x customers upgrade - to KCL version 1.14.5 (or higher) + - https://ask.adaptec.com/app/answers/detail/a_id/17523/kw/log4j + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Amazon - product: AWS Lambda + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Addigy + product: All cves: cve-2021-4104: investigated: false @@ -1601,9 +1641,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - Unknown + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1617,13 +1656,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://addigy.com/blog/addigy-and-apaches-log4j2-cve-2021-44228-status/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: AWS Lambda + - vendor: Adeptia + product: Connect cves: cve-2021-4104: investigated: false @@ -1632,9 +1671,11 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown - fixed_versions: [] + affected_versions: [] + fixed_versions: + - '3.3' + - '3.4' + - '3.5' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1647,13 +1688,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: AWS RDS + - vendor: Adeptia + product: Suite cves: cve-2021-4104: investigated: false @@ -1664,7 +1705,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - 6.9.9 + - 6.9.10 + - 6.9.11 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1677,14 +1720,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified - in CVE-2021-44228 + - https://support.adeptia.com/hc/en-us/articles/4412815509524-CVE-2021-44228-Log4j2-Vulnerability-Mitigation- + notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: Amazon - product: AWS S3 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Automated Forms Conversion Service cves: cve-2021-4104: investigated: false @@ -1693,9 +1735,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - Unknown + affected_versions: + - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -1708,13 +1750,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Amazon - product: AWS SNS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: ColdFusion cves: cve-2021-4104: investigated: false @@ -1725,7 +1767,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -1738,15 +1780,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Amazon SNS systems that serve customer traffic are patched against the - Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate - separately from SNS’s systems that serve customer traffic + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Amazon - product: AWS SQS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.3 Forms on JEE cves: cve-2021-4104: investigated: false @@ -1757,7 +1797,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - All versions from 6.3 GA to 6.3.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1770,13 +1810,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Amazon - product: CloudFront + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.4 Forms Designer cves: cve-2021-4104: investigated: false @@ -1784,8 +1824,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -1799,13 +1840,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: CloudWatch + - vendor: Adobe + product: Experience Manager 6.4 Forms on JEE cves: cve-2021-4104: investigated: false @@ -1813,9 +1854,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All versions from 6.4 GA to 6.4.8 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1828,13 +1870,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: EC2 + - vendor: Adobe + product: Experience Manager 6.5 Forms Designer cves: cve-2021-4104: investigated: false @@ -1844,9 +1886,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - Amazon Linux 1 & 2 + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1858,13 +1900,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Amazon - product: ELB + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Adobe + product: Experience Manager 6.5 Forms on JEE cves: cve-2021-4104: investigated: false @@ -1872,9 +1914,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All versions from 6.5 GA to 6.5.11 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1887,13 +1930,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: KMS + - vendor: Adobe + product: Experience Manager Forms on OSGi cves: cve-2021-4104: investigated: false @@ -1901,10 +1944,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1916,13 +1960,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: OpenSearch + - vendor: Adobe + product: Experience Manager Forms Workbench cves: cve-2021-4104: investigated: false @@ -1931,10 +1975,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Unknown + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1946,13 +1990,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + - https://helpx.adobe.com/experience-manager/kb/aem-forms-vulnerability-cve-2021-44228.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: RDS + - vendor: ADP + product: All cves: cve-2021-4104: investigated: false @@ -1975,42 +2019,43 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.adp.com/about-adp/data-security/alerts/adp-vulnerability-statement-apache-log4j-vulnerability-cve-2021-44228.aspx notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: Route 53 + - vendor: Advanced Micro Devices (AMD) + product: All cves: cve-2021-4104: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: S3 + last_updated: '2022-02-02T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: Active MFT cves: cve-2021-4104: investigated: false @@ -2018,10 +2063,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2033,13 +2079,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: Translate + last_updated: '2021-12-14T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: MFT cves: cve-2021-4104: investigated: false @@ -2047,10 +2094,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2062,13 +2110,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/translate/ - notes: Service not identified on [AWS Log4j Security Bulletin](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Amazon - product: VPC + last_updated: '2021-12-14T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: MFT Gateway cves: cve-2021-4104: investigated: false @@ -2076,10 +2125,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2091,13 +2141,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: '' + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AMD - product: All + last_updated: '2021-12-14T00:00:00' + - vendor: Advanced Systems Concepts (formally Jscape) + product: MFT Server cves: cve-2021-4104: investigated: false @@ -2105,10 +2156,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2120,14 +2172,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 - notes: Currently, no AMD products have been identified as affected. AMD is continuing - its analysis. + - https://support.advsyscon.com/hc/en-us/articles/4413631831569 + notes: This advisory is available to customers only and has not been reviewed + by CISA references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Anaconda - product: Anaconda + last_updated: '2021-12-14T00:00:00' + - vendor: AFHCAN Global LLC + product: AFHCANcart cves: cve-2021-4104: investigated: false @@ -2139,7 +2191,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 4.10.3 + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2151,13 +2203,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.conda.io/projects/conda/en/latest/index.html + - https://afhcan.org/support.aspx notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Apache - product: ActiveMQ Artemis + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANmobile cves: cve-2021-4104: investigated: false @@ -2169,7 +2221,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2181,18 +2233,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://activemq.apache.org/news/cve-2021-44228 - notes: ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 - is included in the Hawtio-based web console application archive (i.e. [web/console.war/WEB-INF/lib](web/console.war/WEB-INF/lib)). - Although this version of Log4j is not impacted by CVE-2021-44228 future versions - of Artemis will be updated so that the Log4j jar is no longer included in the - web console application archive. See [ARTEMIS-3612](https://issues.apache.org/jira/browse/ARTEMIS-3612) - for more information on that task. + - https://afhcan.org/support.aspx + notes: '' references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: Apache - product: Airflow + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANServer cves: cve-2021-4104: investigated: false @@ -2200,10 +2247,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2215,13 +2263,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/apache/airflow/tree/main/airflow - notes: Airflow is written in Python + - https://afhcan.org/support.aspx + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apache - product: Camel + - vendor: AFHCAN Global LLC + product: AFHCANsuite cves: cve-2021-4104: investigated: false @@ -2230,11 +2278,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 3.14.1.3.11.5 - - 3.7.7 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2246,17 +2293,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ - notes: Apache Camel does not directly depend on Log4j 2, so we are not affected - by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own - applications, make sure to upgrade.Apache Camel does use log4j during testing - itself, and therefore you can find that we have been using log4j v2.13.3 release - in our latest LTS releases Camel 3.7.6, 3.11.4. + - https://afhcan.org/support.aspx + notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel 2 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANupdate cves: cve-2021-4104: investigated: false @@ -2264,10 +2307,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2279,13 +2323,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://afhcan.org/support.aspx notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel JBang + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AFHCAN Global LLC + product: AFHCANweb cves: cve-2021-4104: investigated: false @@ -2294,10 +2338,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - <=3.1.4 + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2309,13 +2353,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://afhcan.org/support.aspx notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel K + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Agilysys + product: All cves: cve-2021-4104: investigated: false @@ -2338,13 +2382,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://info.agilysys.com/webmail/76642/2001127877/c3fda575e2313fac1f6a203dc6fc1db2439c3db0da22bde1b6c1b6747d7f0e2f notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel Karaf + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ahsay + product: Mobile cves: cve-2021-4104: investigated: false @@ -2352,10 +2396,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 1.6+ cve-2021-45046: investigated: false affected_versions: [] @@ -2367,14 +2412,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ - notes: The Karaf team is aware of this and are working on a new Karaf 4.3.4 release - with updated log4j. + - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j + notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Camel Quarkus + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ahsay + product: Other products cves: cve-2021-4104: investigated: false @@ -2382,10 +2426,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - version 8.5.4.86 (and above) cve-2021-45046: investigated: false affected_versions: [] @@ -2397,13 +2442,5229 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j notes: '' references: - '' - last_updated: '2021-12-13T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ahsay + product: PRD + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '2.0' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://wiki.ahsay.com/doku.php?id=public:announcement:cve-2021-44228_log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AIL + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://twitter.com/ail_project/status/1470373644279119875 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Akamai + product: Enterprise Application Access (EAA) Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Akamai + product: SIEM Integration Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - <1.7.4 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes + notes: Akamai SIEM Integration Connector is vulnerable to CVE-2021-44228, CVE-2021-45046 + and CVE-2021-45105. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Akamai + product: SIEM Splunk Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 1.4.10 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes + notes: Akamai SIEM Integration Connector for Splunk is not vulnerable to CVE-2021-44228. + Although it includes the vulnerable Log4J component, it is not used by the connector. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Alcatel + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://dokuwiki.alu4u.com/doku.php?id=log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alertus + product: Console + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 5.15.0 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.alertus.com/s/article/Security-Advisory-Log4Shell-Vulnerability?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alexion + product: Alexion CRM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://alexion.nl/blog/alexion-crm-niet-vatbaar-voor-log4shell + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alfresco + product: Alfresco + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://hub.alfresco.com/t5/alfresco-content-services-blog/cve-2021-44228-related-to-apache-log4j-security-advisory/ba-p/310717 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AlienVault + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://success.alienvault.com/s/article/are-USM-Anywhere-or-USM-Central-vulnerable-to-CVE-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: AmiSconnect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: Custo Diagnostics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '5.4' + - '5.6' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: JiveX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Alphatron Medical + product: Zorgbericht + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.alphatronmedical.com/product-news/vulnerability-apache-log4j.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Work in progress, portion of customers may still be vulnerable. Actively + monitoring this issue, and are working on addressing it for any AMS services + which use Log4j2. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: API Gateway + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: Athena + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: Athena JDBC Driver + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: All versions vended to customers were not affected. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - Linux 1 + - '2' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: [] + notes: Amazon Linux 1 had aws apitools which were Java based but these were deprecated + in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). + AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 + and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS AppFlow + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS AppSync + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS Certificate Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS Certificate Manager Private CA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS CloudHSM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 3.4.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: CloudHSM JCE SDK 3.4.1 or higher is not vulnerable. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS CodeBuild + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS CodePipeline + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Vendors recommend evaluating components of the environment outside of the + Amazon Connect service boundary, which may require separate/additional customer + mitigation. + references: + - '' + last_updated: '2021-12-23T00:00:00' + - vendor: Amazon + product: AWS Directory Service + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-23T00:00:00' + - vendor: Amazon + product: AWS DynamoDB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS ECS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 + and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon + ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch + will require customer opt-in to use, and disables JNDI lookups from the Log4J2 + library in customers’ containers. These updates are available as an Amazon Linux + package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, + and will be in supported AWS Fargate platform versions. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS EKS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 + and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon + ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch + will require customer opt-in to use, and disables JNDI lookups from the Log4J2 + library in customers’ containers. These updates are available as an Amazon Linux + package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, + and will be in supported AWS Fargate platform versions. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Elastic Beanstalk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Default configuration of applications usage of Log4j versions is not vulnerable. + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS ElastiCache + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS ELB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Fargate + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Opt-in hot-patch to mitigate the Log4j issue in JVM layer will be available + as platform versions. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Glue + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Has been updated. Vulnerable only if ETL jobs load affected versions of + Apache Log4j. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Greengrass + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Updates for all Greengrass V2 components Stream Manager (2.0.14) and Secure + Tunneling (1.0.6) are available. For Greengrass versions 1.10.x and 1.11.x, + an update for the Stream Manager feature is included in Greengrass patch versions + 1.10.5 and 1.11.5. + references: + - '' + last_updated: '2021-12-16T00:00:00' + - vendor: Amazon + product: AWS Inspector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS IoT SiteWise Edge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Updates for all AWS IoT SiteWise Edge components that use Log4j were made + available; OPC-UA collector (v2.0.3), Data processing pack (v2.0.14), and Publisher + (v2.0.2). + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS Kinesis Data Streams + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: We are actively patching all sub-systems that use Log4j2 by applying updates. + The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library + (KPL) are not impacted. For customers using KCL 1.x, we have released an updated + version and we strongly recommend that all KCL version 1.x customers upgrade + to KCL version 1.14.5 (or higher). KCL 2.x, KCL 1.14.5 or higher, and KPL are + not vulnerable. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS KMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS Lambda + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Vulnerable when using aws-lambda-java-log4j2. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS Polly + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS QuickSight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: AWS RDS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon RDS and Amazon Aurora have been updated to mitigate the issues identified + in CVE-2021-44228. + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: Amazon + product: AWS S3 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS SDK + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS Secrets Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS Service Catalog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Amazon + product: AWS SNS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon SNS systems that serve customer traffic are patched against the + Log4j2 issue. We are working to apply the Log4j2 patch to sub-systems that operate + separately from SNS’s systems that serve customer traffic. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Amazon + product: AWS SQS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS Systems Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS Systems Manager Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: AWS Textract + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: Chime + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon Chime and Chime SDK services have been updated to mitigate the issues + identified in CVE-2021-44228 and CVE-2021-45046. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Cloud Directory + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: CloudFront + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: CloudWatch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Cognito + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Corretto + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: 10/19 release distribution does not include Log4j. Vulnerable only if customers + applications use affected versions of Apache Log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: DocumentDB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: EC2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Packages for Amazon Linux 1 and 2 not affected, package for Amazon Linux + 2022 is affected. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: ECR Public + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Amazon-owned images published under a Verified Account on Amazon ECR Public + are not affected by the Log4j issue. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: Elastic Load Balancing + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Services have been updated. All Elastic Load Balancers, as well as Classic, + Application, Network and Gateway, are not affected by this Log4j issue. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Amazon + product: EMR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Many customers are estimated to be vulnerable. Vulnerable only if affected + EMR releases are used and untrusted sources are configured to be processed. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: EventBridge + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Fraud Detector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Inspector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Inspector Classic + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kafka (MSK) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Applying updates as required, portion of customers may still be vulnerable. + Some MSK-specific service components use Log4j > 2.0.0 library and are being + patched where needed. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kendra + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Keyspaces (for Apache Cassandra) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kinesis + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Kinesis Data Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Lake Formation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Update in progress, portion of customers may still be vulnerable. AWS Lake + Formation service hosts are being updated to the latest version of Log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Lex + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Linux (AL1) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: By default not vulnerable. Opt-in hot-patch to mitigate the Log4j in JVM + layer issue is available. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Linux (AL2) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: By default not vulnerable, and a new version of Amazon Kinesis Agent which + is part of AL2 addresses the Log4j issue. Opt-in hot-patch to mitigate the Log4j + issue in JVM layer is available. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Lookout for Equipment + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Macie + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Macie Classic + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Managed Workflows for Apache Airflow (MWAA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: MemoryDB for Redis + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Monitron + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: MQ + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Neptune + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: NICE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Recommended to update EnginFrame or Log4j library. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: OpenSearch + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - R20211203-P2 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-005/ + notes: Update released, customers need to update their clusters to the fixed release. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Pinpoint + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: RDS Aurora + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: RDS for Oracle + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Redshift + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Rekognition + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Route 53 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: SageMaker + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Completed patching for the Apache Log4j2 issue (CVE-2021-44228). Vulnerable + only if customers applications use affected versions of Apache Log4j. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Simple Notification Service (SNS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Systems that serve customer traffic are patched against the Log4j2 issue. + Working to apply the patch to sub-systems that operate separately from SNSs + systems that serve customer traffic. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Simple Queue Service (SQS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Simple Workflow Service (SWF) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Single Sign-On + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Step Functions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Timestream + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: Translate + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/translate/ + notes: Service not identified on [AWS Log4j Security Bulletin](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: VPC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Amazon + product: WorkSpaces/AppStream 2.0 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: Not affected with default configurations. WorkDocs Sync client versions + 1.2.895.1 and older within Windows WorkSpaces, which contain the Log4j component, + are vulnerable; For update instruction, see source for more info. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: AMD + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1034 + notes: Currently, no AMD products have been identified as affected. AMD is continuing + its analysis. + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Anaconda + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 4.10.3 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.conda.io/projects/conda/en/latest/index.html + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: AOMEI + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.aomeitech.com/forum/index.php?p=/discussion/7651/aomei-and-log4j + notes: '' + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Apache + product: ActiveMQ Artemis + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://activemq.apache.org/news/cve-2021-44228 + notes: ActiveMQ Artemis does not use Log4j for logging. However, Log4j 1.2.17 + is included in the Hawtio-based web console application archive (i.e. [web/console.war/WEB-INF/lib](web/console.war/WEB-INF/lib)). + Although this version of Log4j is not impacted by CVE-2021-44228 future versions + of Artemis will be updated so that the Log4j jar is no longer included in the + web console application archive. See [ARTEMIS-3612](https://issues.apache.org/jira/browse/ARTEMIS-3612) + for more information on that task. + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Apache + product: Airflow + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Airflow is written in Python + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Archiva + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2.2.6 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 2.2.6. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Camel + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: Apache Camel does not directly depend on Log4j 2, so we are not affected + by CVE-2021-44228.If you explicitly added the Log4j 2 dependency to your own + applications, make sure to upgrade.Apache Camel does use log4j during testing + itself, and therefore you can find that we have been using log4j v2.13.3 release + in our latest LTS releases Camel 3.7.6, 3.11.4. + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel 2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel JBang + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - <=3.1.4 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel K + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel Kafka Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel Karaf + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: The Karaf team is aware of this and are working on a new Karaf 4.3.4 release + with updated log4j. + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Camel Quarkus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://camel.apache.org/blog/2021/12/log4j2/ + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Cassandra + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://lists.apache.org/thread/2rngylxw8bjos6xbo1krp29m9wn2hhdr + notes: '' + references: + - '' + last_updated: '2021-12-13T00:00:00' + - vendor: Apache + product: Druid + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 0.22.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/apache/druid/releases/tag/druid-0.22.1 + notes: '' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Apache + product: Dubbo + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/apache/dubbo/issues/9380 + notes: '' + references: + - '' + last_updated: '2021-12-12T00:00:00' + - vendor: Apache + product: Flink + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.15.0 + - 1.14.2 + - 1.13.5 + - 1.12.7 + - 1.11.6 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://flink.apache.org/2021/12/10/log4j-cve.html + notes: To clarify and avoid confusion, the 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, + which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped + because CVE-2021-45046 was discovered during the release publication. The new + 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade for Log4j + to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046. + references: + - '[https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html)' + last_updated: '2021-12-12T00:00:00' + - vendor: Apache + product: Fortress + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 2.0.7 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 2.0.7. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Geode + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 1.14.0 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 1.12.6, 1.13.5, 1.14.1. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Guacamole + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Hadoop + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: HBase + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Hive + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 4.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: James + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 3.6.0 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Jena + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 4.3.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: JMeter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: JSPWiki + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2.11.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Kafka + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://kafka.apache.org/cve-list + notes: Uses Log4j 1.2.17. + references: + - '' + last_updated: '2021-12-14T00:00:00' + - vendor: Apache + product: Log4j 1.x + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://logging.apache.org/log4j/2.x/security.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Log4j 2.x + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2.17.1 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://logging.apache.org/log4j/2.x/security.html + notes: Fixed in Log4j 2.17.1 (Java 8), 2.12.4 (Java 7) and 2.3.2 (Java 6). + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Maven + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: NiFi + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 1.15.1, 1.16.0. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: OFBiz + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 18.12.03 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Ozone + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 1.2.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Fixed in 1.15.1, 1.16.0. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: SkyWalking + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 8.9.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: SOLR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 7.4.0 to 7.7.3 + - 8.0.0 to 8.11.0 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 + notes: Fixed in 8.11.1, Versions before 7.4 also vulnerable when using several + configurations. + references: + - '[Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html)' + last_updated: '2021-12-16T00:00:00' + - vendor: Apache + product: Spark + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: Uses log4j 1.x + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Struts + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2.5.28 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Struts 2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Versions before 2.5.28.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://struts.apache.org/announce-2021 + notes: The Apache Struts group is pleased to announce that Struts 2.5.28.1 is + available as a General Availability release. The GA designation is our highest + quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by + using the latest Log4j 2.12.2 version (Java 1.7 compatible). + references: + - '[Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga)' + last_updated: '2021-12-21T00:00:00' + - vendor: Apache + product: Tapestry + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 5.7.3 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Tika + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2.0.0 and up + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apache + product: Tomcat + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://tomcat.apache.org/security-9.html + notes: Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications + deployed on Apache Tomcat may have a dependency on log4j. You should seek support + from the application vendor in this instance. It is possible to configure Apache + Tomcat 9.0.x to use log4j 2.x for Tomcats internal logging. This requires explicit + configuration and the addition of the log4j 2.x library. Anyone who has switched + Tomcats internal logging to log4j 2.x is likely to need to address this vulnerability. + In most cases, disabling the problematic feature will be the simplest solution. + Exactly how to do that depends on the exact version of log4j 2.x being used. + Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) + references: + - '' + last_updated: '2021-12-21T00:00:00' + - vendor: Apache + product: TrafficControl + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - '' + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Apache - product: CamelKafka Connector + product: ZooKeeper + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blogs.apache.org/security/entry/cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: APC by Schneider Electric + product: Powerchute Business Edition + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - v9.5 + - v10.0.1 + - v10.0.2 + - v10.0.3 + - v10.0.4 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 + notes: Mitigation instructions to remove the affected class. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: APC by Schneider Electric + product: Powerchute Network Shutdown + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '4.2' + - '4.3' + - '4.4' + - 4.4.1 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 + notes: Mitigation instructions to remove the affected class. + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: Apereo + product: CAS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 6.3.x + - 6.4.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://apereo.github.io/2021/12/11/log4j-vuln/ + notes: Other versions still in active maintainance might need manual inspection. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apereo + product: Opencast + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - < 9.10 + - < 10.6 + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apigee + product: Edge and OPDK products + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://status.apigee.com/incidents/3cgzb0q2r10p + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Apollo + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.apollographql.com/t/log4j-vulnerability/2214 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Appdynamics + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Appeon + product: PowerBuilder + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - Appeon PowerBuilder 2017-2021 regardless of product edition + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.appeon.com/index.php/qna/q-a/apache-log4j-security-vulnerabilities + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: AppGate + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.appgate.com/blog/appgate-sdp-unaffected-by-log4j-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Appian + product: Appian Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.appian.com/support/w/kb/2511/kb-2204-information-about-the-log4j2-security-vulnerabilities-cve-2021-44228-cve-2021-45046 + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Application Performance Ltd + product: DBMarlin + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428 + notes: '' + references: + - '' + last_updated: '2021-12-15T00:00:00' + - vendor: APPSHEET + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aptible + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Search 5.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aqua Security + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arbiter Systems + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arbiter.com/news/index.php?id=4403 + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: ARC Informatique + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1 + notes: '' + references: + - '' + last_updated: '2022-01-13T00:00:00' + - vendor: Arca Noae + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arcserve + product: Arcserve Backup + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: Arcserve Continuous Availability + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: Arcserve Email Archiving + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: Arcserve UDP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 6.5-8.3 + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: ShadowProtect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: ShadowXafe + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: Solo cves: cve-2021-4104: investigated: false @@ -2411,10 +7672,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.storagecraft.com/s/article/Log4J-Update + notes: '' + references: + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: Arcserve + product: StorageCraft OneXafe + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2426,13 +7718,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://camel.apache.org/blog/2021/12/log4j2/ + - https://support.storagecraft.com/s/article/Log4J-Update notes: '' references: - - '' - last_updated: '2021-12-13T00:00:00' - - vendor: Apache - product: Druid + - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' + last_updated: '2021-12-14T00:00:00' + - vendor: ArcticWolf + product: All cves: cve-2021-4104: investigated: false @@ -2440,9 +7732,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - < druid 0.22.0 + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2456,13 +7747,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/apache/druid/releases/tag/druid-0.22.1 + - https://arcticwolf.com/resources/blog/log4j notes: '' references: - '' - last_updated: '2021-12-12T00:00:00' - - vendor: Apache - product: Flink + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arduino + product: IDE cves: cve-2021-4104: investigated: false @@ -2473,10 +7764,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - < 1.14.2 - - 1.13.5 - - 1.12.7 - - 1.11.6 + - 1.8.17 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2489,17 +7777,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://flink.apache.org/2021/12/10/log4j-cve.html - notes: 'To clarify and avoid confusion: The 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 - releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were - skipped because CVE-2021-45046 was discovered during the release publication. - The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade - for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046.' + - https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228 + notes: '' references: - - '[https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html)' - last_updated: '2021-12-12T00:00:00' - - vendor: Apache - product: Kafka + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ariba + product: All cves: cve-2021-4104: investigated: false @@ -2507,11 +7791,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2523,14 +7806,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://kafka.apache.org/cve-list - notes: The current DB lists Apache Kafka as impacted. Apache Kafka uses Log4jv1, - not v2. + - https://connectsupport.ariba.com/sites#announcements-display&/Event/908469 + notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' - - vendor: Apache - product: Kafka + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: Analytics Node for Converged Cloud Fabric cves: cve-2021-4104: investigated: false @@ -2540,7 +7822,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - Unknown + - '>7.0.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2554,13 +7836,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://logging.apache.org/log4j/2.x/security.html - notes: Only vulnerable in certain configuration(s) + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: Formerly Big Cloud Fabric references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apache - product: Log4j + - vendor: Arista + product: Analytics Node for DANZ Monitoring Fabric cves: cve-2021-4104: investigated: false @@ -2570,7 +7852,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - < 2.15.0 + - '>7.0.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2584,13 +7866,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://logging.apache.org/log4j/2.x/security.html - notes: '' + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: Formerly Big Monitoring Fabric references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apache - product: Solr + - vendor: Arista + product: CloudVision Portal cves: cve-2021-4104: investigated: false @@ -2599,10 +7881,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: - - 7.4.0 to 7.7.3 - - 8.0.0 to 8.11.0 + affected_versions: + - '>2019.1.0' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -2615,13 +7896,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 - notes: Update to 8.11.1 or apply fixes as described in Solr security advisory + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: '' references: - - '[Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html)' - last_updated: '2021-12-16T00:00:00' - - vendor: Apache - product: Struts 2 + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: CloudVision Wi-Fi, virtual or physical appliance cves: cve-2021-4104: investigated: false @@ -2629,9 +7910,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: - - Versions before 2.5.28.1 + - '>8.8' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2645,16 +7926,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://struts.apache.org/announce-2021 - notes: The Apache Struts group is pleased to announce that Struts 2.5.28.1 is - available as a “General Availability” release. The GA designation is our highest - quality grade. This release addresses Log4j vulnerability CVE-2021-45046 by - using the latest Log4j 2.12.2 version (Java 1.7 compatible). + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: '' references: - - '[Apache Struts Release Downloads](https://struts.apache.org/download.cgi#struts-ga)' - last_updated: '2021-12-21T00:00:00' - - vendor: Apache - product: Tomcat + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Arista + product: Embedded Analytics for Converged Cloud Fabric cves: cve-2021-4104: investigated: false @@ -2662,9 +7940,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: - - 9.0.x + - '>5.3.0' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -2678,21 +7956,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://tomcat.apache.org/security-9.html - notes: Apache Tomcat 9.0.x has no dependency on any version of log4j. Web applications - deployed on Apache Tomcat may have a dependency on log4j. You should seek support - from the application vendor in this instance. It is possible to configure Apache - Tomcat 9.0.x to use log4j 2.x for Tomcat's internal logging. This requires explicit - configuration and the addition of the log4j 2.x library. Anyone who has switched - Tomcat's internal logging to log4j 2.x is likely to need to address this vulnerability. - In most cases, disabling the problematic feature will be the simplest solution. - Exactly how to do that depends on the exact version of log4j 2.x being used. - Details are provided on the [log4j 2.x security page](https://logging.apache.org/log4j/2.x/security.html) + - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + notes: Formerly Big Cloud Fabric references: - '' - last_updated: '2021-12-21T00:00:00' - - vendor: APC by Schneider Electric - product: Powerchute Business Edition + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: AirWave Management Platform cves: cve-2021-4104: investigated: false @@ -2702,13 +7972,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - v9.5 - - v10.0.1 - - v10.0.2 - - v10.0.3 - - v10.0.4 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2720,13 +7986,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 - notes: Mitigation instructions to remove the affected class. + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: APC by Schneider Electric - product: Powerchute Network Shutdown + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Analytics and Location Engine cves: cve-2021-4104: investigated: false @@ -2736,12 +8002,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - '4.2' - - '4.3' - - '4.4' - - 4.4.1 - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2753,13 +8016,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.exchange.se.com/t5/APC-UPS-Data-Center-Backup/Log4-versions-used-in-Powerchute-vulnerable/m-p/379866/highlight/true#M47345 - notes: Mitigation instructions to remove the affected class. + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Apereo - product: CAS + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ArubaOS SD-WAN Gateways cves: cve-2021-4104: investigated: false @@ -2768,10 +8031,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - 6.3.x & 6.4.x + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2783,13 +8046,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://apereo.github.io/2021/12/11/log4j-vuln/ + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apereo - product: Opencast + - vendor: Aruba Networks + product: ArubaOS Wi-Fi Controllers and Gateways cves: cve-2021-4104: investigated: false @@ -2798,11 +8061,40 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - < 9.10 - - < 10.6 + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: ArubaOS-CX Switches + cves: + cve-2021-4104: + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2814,13 +8106,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://github.com/opencast/opencast/security/advisories/GHSA-mf4f-j588-5xm8 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apigee - product: '' + - vendor: Aruba Networks + product: ArubaOS-S Switches cves: cve-2021-4104: investigated: false @@ -2828,10 +8120,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Central + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2843,13 +8166,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.apigee.com/incidents/3cgzb0q2r10p + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Apollo - product: '' + - vendor: Aruba Networks + product: Central On-Prem cves: cve-2021-4104: investigated: false @@ -2857,10 +8180,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2872,13 +8196,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.apollographql.com/t/log4j-vulnerability/2214 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Appdynamics - product: '' + - vendor: Aruba Networks + product: ClearPass Policy Manager cves: cve-2021-4104: investigated: false @@ -2886,10 +8210,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2901,13 +8226,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.appdynamics.com/display/PAA/Security+Advisory%3A+Apache+Log4j+Vulnerability + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Appeon - product: PowerBuilder + - vendor: Aruba Networks + product: EdgeConnect cves: cve-2021-4104: investigated: false @@ -2916,10 +8241,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - Appeon PowerBuilder 2017-2021 regardless of product edition + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2930,13 +8255,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: AppGate - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Fabric Composer (AFC) cves: cve-2021-4104: investigated: false @@ -2944,10 +8270,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2959,13 +8286,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.appgate.com/blog/appgate-sdp-unaffected-by-log4j-vulnerability + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Appian - product: Appian Platform + - vendor: Aruba Networks + product: HP ProCurve Switches cves: cve-2021-4104: investigated: false @@ -2975,9 +8302,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2989,13 +8316,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.appian.com/support/w/kb/2511/kb-2204-information-about-the-log4j2-security-vulnerabilities-cve-2021-44228-cve-2021-45046 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Application Performance Ltd - product: DBMarlin + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Instant cves: cve-2021-4104: investigated: false @@ -3003,11 +8330,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: - - Not Affected + investigated: true + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3018,13 +8345,14 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: Application Performance Ltd - product: DBMarlin + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Instant Access Points cves: cve-2021-4104: investigated: false @@ -3032,10 +8360,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3047,13 +8376,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.dbmarlin.com/docs/faqs/frequently-asked-questions/?_ga=2.72968147.1563671049.1639624574-1296952804.1639624574#apache-log4j-vulnerability-cve-2021-4428 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2021-12-15T00:00:00' - - vendor: APPSHEET - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Instant On cves: cve-2021-4104: investigated: false @@ -3061,10 +8390,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3076,13 +8406,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.appsheet.com/t/appsheet-statement-on-log4j-vulnerability-cve-2021-44228/59976 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Aptible - product: Aptible + - vendor: Aruba Networks + product: IntroSpect cves: cve-2021-4104: investigated: false @@ -3091,9 +8421,9 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - ElasticSearch 5.x - fixed_versions: [] + affected_versions: [] + fixed_versions: + - Versions 2.5.0.0 to 2.5.0.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -3106,13 +8436,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.aptible.com/incidents/gk1rh440h36s?u=zfbcrbt2lkv4 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Aqua Security - product: '' + - vendor: Aruba Networks + product: Legacy GMS Products cves: cve-2021-4104: investigated: false @@ -3120,9 +8450,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -3135,13 +8466,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.google.com/document/d/e/2PACX-1vSmFR3oHPXOih1wENKd7RXn0dsHzgPUe91jJwDTsaVxJtcJEroktWNLq7BMUx9v7oDZRHqLVgkJnqCm/pub + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Arbiter Systems - product: All + - vendor: Aruba Networks + product: Legacy NX cves: cve-2021-4104: investigated: false @@ -3149,10 +8480,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3164,13 +8496,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.arbiter.com/news/index.php?id=4403 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: ARC Informatique - product: All + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Legacy VRX cves: cve-2021-4104: investigated: false @@ -3181,7 +8513,8 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3193,13 +8526,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.pcvuesolutions.com/support/index.php/en/security-bulletin/1141-security-bulletin-2021-1 + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' - last_updated: '2022-01-13T00:00:00' - - vendor: Arca Noae - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Legacy VX cves: cve-2021-4104: investigated: false @@ -3207,10 +8540,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3222,13 +8556,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.arcanoae.com/apache-log4j-vulnerability-cve-2021-44228/ + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Arcserve - product: Arcserve Backup + - vendor: Aruba Networks + product: NetEdit cves: cve-2021-4104: investigated: false @@ -3240,7 +8574,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3252,13 +8586,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: Arcserve Continuous Availability + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Plexxi Composable Fabric Manager (CFM) cves: cve-2021-4104: investigated: false @@ -3270,7 +8604,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3282,13 +8616,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: Arcserve Email Archiving + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: Silver Peak Orchestrator cves: cve-2021-4104: investigated: false @@ -3298,9 +8632,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3312,13 +8646,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: Arcserve UDP + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: User Experience Insight (UXI) cves: cve-2021-4104: investigated: false @@ -3330,7 +8664,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 6.5-8.3 + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3342,13 +8676,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: ShadowProtect + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Aruba Networks + product: VIA Clients cves: cve-2021-4104: investigated: false @@ -3360,7 +8694,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3372,13 +8706,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-019.txt notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: ShadowXafe + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Ataccama + product: All cves: cve-2021-4104: investigated: false @@ -3386,11 +8720,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3402,13 +8735,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.ataccama.com/files/log4j2-vulnerability-cve-2021-44228-fix.pdf notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: Solo + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atera + product: All cves: cve-2021-4104: investigated: false @@ -3416,11 +8749,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3432,13 +8764,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update + - https://www.reddit.com/r/atera/comments/rh7xb1/apache_log4j_2_security_advisory_update/ notes: '' references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: Arcserve - product: StorageCraft OneXafe + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Bamboo Server & Data Center cves: cve-2021-4104: investigated: false @@ -3447,10 +8779,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - On Prem fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3462,13 +8794,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.storagecraft.com/s/article/Log4J-Update - notes: '' + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: Only vulnerable when using non-default config, cloud version fixed. references: - - '[https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US](https://support.storagecraft.com/s/question/0D51R000089NnT3SAK/does-storagecraft-have-a-publicly-available-response-to-the-log4j-vulnerability-is-there-a-reference-for-any-findings-negative-positive-the-company-has-in-their-investigations-it-seems-it-would-greatly-benefit-support-and-customers-both?language=en_US)' - last_updated: '2021-12-14T00:00:00' - - vendor: ArcticWolf - product: '' + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atlassian + product: Bitbucket Server & Data Center cves: cve-2021-4104: investigated: false @@ -3476,9 +8808,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - On prem unaffected_versions: [] cve-2021-45046: investigated: false @@ -3491,13 +8824,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://arcticwolf.com/resources/blog/log4j - notes: '' + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: This product is not vulnerable to remote code execution but may leak information + due to the bundled Elasticsearch component being vulnerable. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Arduino - product: '' + - vendor: Atlassian + product: Confluence Server & Data Center cves: cve-2021-4104: investigated: false @@ -3505,8 +8839,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - On prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3520,13 +8855,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.arduino.cc/hc/en-us/articles/4412377144338-Arduino-s-response-to-Log4j2-vulnerability-CVE-2021-44228 - notes: '' + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html + notes: Only vulnerable when using non-default config, cloud version fixed. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ariba - product: '' + - vendor: Atlassian + product: Confluence-CIS CSAT Pro cves: cve-2021-4104: investigated: false @@ -3534,8 +8869,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v1.7.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3549,13 +8885,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://connectsupport.ariba.com/sites#announcements-display&/Event/908469 + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Arista - product: '' + - vendor: Atlassian + product: Confluence-CIS WorkBench cves: cve-2021-4104: investigated: false @@ -3563,10 +8899,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3578,13 +8915,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.arista.com/en/support/advisories-notices/security-advisories/13425-security-advisory-0070 + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Aruba Networks - product: '' + - vendor: Atlassian + product: Confluence-CIS-CAT Lite cves: cve-2021-4104: investigated: false @@ -3592,8 +8929,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v4.13.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3607,13 +8945,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://asp.arubanetworks.com/notifications/Tm90aWZpY2F0aW9uOjEwMTQ0;notificationCategory=Security + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Ataccama - product: '' + - vendor: Atlassian + product: Confluence-CIS-CAT Pro Assessor v3 Full and Dissolvable cves: cve-2021-4104: investigated: false @@ -3621,8 +8959,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v3.0.77 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3636,13 +8975,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.ataccama.com/files/log4j2-vulnerability-cve-2021-44228-fix.pdf + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Atera - product: '' + - vendor: Atlassian + product: Confluence-CIS-CAT Pro Assessor v4 cves: cve-2021-4104: investigated: false @@ -3650,8 +8989,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - v4.13.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -3665,13 +9005,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.reddit.com/r/atera/comments/rh7xb1/apache_log4j_2_security_advisory_update/ + - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian - product: Bamboo Server & Data Center + product: Confluence-CIS-CAT Pro Assessor v4 Service cves: cve-2021-4104: investigated: false @@ -3680,10 +9020,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - v1.13.0 fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3696,13 +9036,12 @@ software: unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html - notes: This product may be affected by a related but lower severity vulnerability - if running in a specific non-default configuration. + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian - product: Bitbucket Server & Data Center + product: Confluence-CIS-CAT Pro Dashboard cves: cve-2021-4104: investigated: false @@ -3711,10 +9050,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3727,13 +9066,12 @@ software: unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html - notes: This product is not vulnerable to remote code execution but may leak information - due to the bundled Elasticsearch component being vulnerable. + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Atlassian - product: Confluence Server & Data Center + product: Confluence-CIS-Hosted CSAT cves: cve-2021-4104: investigated: false @@ -3745,7 +9083,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -3758,8 +9096,7 @@ software: unaffected_versions: [] vendor_links: - https://confluence.atlassian.com/security/multiple-products-security-advisory-log4j-vulnerable-to-remote-code-execution-cve-2021-44228-1103069934.html - notes: This product may be affected by a related but lower severity vulnerability - if running in a specific non-default configuration. + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -3773,10 +9110,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - On prem fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3804,10 +9141,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - On prem fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3835,10 +9172,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - On prem fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3866,10 +9203,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - On prem fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3887,8 +9224,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Attivo networks - product: '' + - vendor: Attivo Networks + product: All cves: cve-2021-4104: investigated: false @@ -3949,7 +9286,7 @@ software: - '' last_updated: '2022-01-17T00:00:00' - vendor: AudioCodes - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -3978,7 +9315,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Autodesk - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -4013,8 +9350,8 @@ software: references: - '' last_updated: '2021-12-21T00:00:00' - - vendor: Automox - product: '' + - vendor: Automation Anywhere + product: Automation 360 Cloud cves: cve-2021-4104: investigated: false @@ -4022,10 +9359,42 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Automation Anywhere + product: Automation 360 On Premise + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -4037,13 +9406,46 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.automox.com/log4j-critical-vulnerability-scores-a-10 - notes: '' + - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Autopsy - product: '' + - vendor: Automation Anywhere + product: Automation Anywhere + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 11.x + - <11.3x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Automox + product: All cves: cve-2021-4104: investigated: false @@ -4066,13 +9468,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.autopsy.com/autopsy-and-log4j-vulnerability/ + - https://blog.automox.com/log4j-critical-vulnerability-scores-a-10 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Auvik - product: '' + - vendor: Autopsy + product: All cves: cve-2021-4104: investigated: false @@ -4095,13 +9497,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://status.auvik.com/incidents/58bfngkz69mj + - https://www.autopsy.com/autopsy-and-log4j-vulnerability/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Avantra SYSLINK - product: '' + - vendor: Auvik + product: All cves: cve-2021-4104: investigated: false @@ -4124,13 +9526,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability + - https://status.auvik.com/incidents/58bfngkz69mj notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Avaya - product: Avaya Analytics + - vendor: Avantra SYSLINK + product: All cves: cve-2021-4104: investigated: false @@ -4138,13 +9540,8 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: - - '3.5' - - '3.6' - - 3.6.1 - - '3.7' - - '4' + investigated: false + affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4158,13 +9555,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 + - https://support.avantra.com/support/solutions/articles/44002291388-cve-2021-44228-log4j-2-vulnerability notes: '' references: - '' - last_updated: '2021-12-14T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Avaya - product: Avaya Aura for OneCloud Private + product: Avaya Analytics cves: cve-2021-4104: investigated: false @@ -4172,8 +9569,13 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '3.5' + - '3.6' + - 3.6.1 + - '3.7' + - '4' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4188,15 +9590,12 @@ software: unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: Avaya is scanning and monitoring its OneCloud Private environments as part - of its management activities. Avaya will continue to monitor this fluid situation - and remediations will be made as patches become available, in accordance with - appropriate change processes. + notes: '' references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Application Enablement Services + product: Avaya Aura Application Enablement Services cves: cve-2021-4104: investigated: false @@ -4228,7 +9627,7 @@ software: - '[PSN020551u](https://download.avaya.com/css/public/documents/101079386)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Contact Center + product: Avaya Aura Contact Center cves: cve-2021-4104: investigated: false @@ -4262,7 +9661,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Device Services + product: Avaya Aura Device Services cves: cve-2021-4104: investigated: false @@ -4273,7 +9672,10 @@ software: investigated: true affected_versions: - '8' + - 8.0.1 + - 8.0.2 - '8.1' + - 8.1.3 - 8.1.4 - 8.1.5 fixed_versions: [] @@ -4295,7 +9697,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Device Services + product: Avaya Aura for OneCloud Private cves: cve-2021-4104: investigated: false @@ -4305,9 +9707,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 8.0.1 - - 8.0.2 - - 8.1.3 + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4322,12 +9722,15 @@ software: unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: '' + notes: Avaya is scanning and monitoring its OneCloud Private environments as part + of its management activities. Avaya will continue to monitor this fluid situation + and remediations will be made as patches become available, in accordance with + appropriate change processes. references: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Media Server + product: Avaya Aura Media Server cves: cve-2021-4104: investigated: false @@ -4359,7 +9762,7 @@ software: - '[PSN020549u](https://download.avaya.com/css/secure/documents/101079316)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Presence Services + product: Avaya Aura Presence Services cves: cve-2021-4104: investigated: false @@ -4398,7 +9801,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Session Manager + product: Avaya Aura Session Manager cves: cve-2021-4104: investigated: false @@ -4435,7 +9838,7 @@ software: - '[PSN020550u](https://download.avaya.com/css/public/documents/101079384)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® System Manager + product: Avaya Aura System Manager cves: cve-2021-4104: investigated: false @@ -4466,7 +9869,7 @@ software: - '[PSN005565u](https://download.avaya.com/css/secure/documents/101079390)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura® Web Gateway + product: Avaya Aura Web Gateway cves: cve-2021-4104: investigated: false @@ -4479,7 +9882,7 @@ software: - 3.11[P] - 3.8.1[P] - 3.8[P] - - 3.9.1 [P] + - 3.9.1[P] - 3.9[P] fixed_versions: [] unaffected_versions: [] @@ -4500,7 +9903,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Breeze™ + product: Avaya Breeze cves: cve-2021-4104: investigated: false @@ -4658,7 +10061,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya one cloud private -UCaaS - Mid Market Aura + product: Avaya OneCloud-Private cves: cve-2021-4104: investigated: false @@ -4668,7 +10071,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '1' + - '2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4688,7 +10091,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya OneCloud-Private + product: Avaya OneCloud-Private-UCaaS - Mid Market Aura cves: cve-2021-4104: investigated: false @@ -4698,7 +10101,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '2' + - '1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4760,8 +10163,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -4936,7 +10340,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Equinox™ Conferencing + product: Equinox Conferencing cves: cve-2021-4104: investigated: false @@ -4996,7 +10400,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: IP Office™ Platform + product: IP Office Platform cves: cve-2021-4104: investigated: false @@ -5062,7 +10466,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: AVEPOINT - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5091,7 +10495,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AVM - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5099,10 +10503,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5115,12 +10520,12 @@ software: unaffected_versions: [] vendor_links: - https://avm.de/service/aktuelle-sicherheitshinweise/#Schwachstelle%20im%20Java-Projekt%20%E2%80%9Elog4j%E2%80%9C - notes: '' + notes: devices, firmware, software incl. MyFritz Service. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AvTech RoomAlert - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5148,8 +10553,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: AWS New - product: '' + - vendor: AXIS + product: OS cves: cve-2021-4104: investigated: false @@ -5157,10 +10562,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5172,13 +10578,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + - https://help.axis.com/axis-os notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AXON - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5207,7 +10613,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: AXS Guard - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -5236,7 +10642,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Axways Applications - product: '' + product: All cves: cve-2021-4104: investigated: false diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 22dcda9..f15fbf7 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -134,8 +134,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'Track Sample Manager (TSM)' - - 'Track Workflow Manager (TWM)' + - Track Sample Manager (TSM) + - Track Workflow Manager (TWM) fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -150,7 +150,8 @@ software: unaffected_versions: [] vendor_links: - https://www.abbott.com/policies/cybersecurity/apache-Log4j.html - notes: Abbott will provide a fix for this in a future update expected in January 2022. + notes: Abbott will provide a fix for this in a future update expected in January + 2022. references: - '' last_updated: '2021-12-15T00:00:00' @@ -196,7 +197,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -210,8 +211,8 @@ software: unaffected_versions: [] vendor_links: - https://www.accellence.de/en/articles/cve-2021-44228-62 - notes: EBÜS itself is not vulnerable to CVE-2021-44228. Although - it includes several 3rd-party software setups, which may be affected. + notes: EBÜS itself is not vulnerable to CVE-2021-44228. Although it includes several + 3rd-party software setups, which may be affected. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -257,7 +258,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'v7.6 release' + - v7.6 release unaffected_versions: [] cve-2021-45046: investigated: false @@ -271,8 +272,8 @@ software: unaffected_versions: [] vendor_links: - https://www.kiteworks.com/kiteworks-news/log4shell-apache-vulnerability-what-kiteworks-customers-need-to-know/ - notes: As a precaution, Kiteworks released a 7.6.1 Hotfix software update to - address the vulnerability. This patch release adds the mitigation for CVE-2021-44228 + notes: As a precaution, Kiteworks released a 7.6.1 Hotfix software update to address + the vulnerability. This patch release adds the mitigation for CVE-2021-44228 contained in the Solr package as recommended by Apache Solr group. Specifically, it updates the Log4j library to a non-vulnerable version on CentOS 7 systems as well as adds the recommended option “$SOLR_OPTS -Dlog4j2.formatMsgNoLookups=true" @@ -952,7 +953,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '8.6.2 onwards' + - 8.6.2 onwards cve-2021-45046: investigated: false affected_versions: [] @@ -983,7 +984,7 @@ software: fixed_versions: [] unaffected_versions: - '3.5' - - '4.x' + - 4.x cve-2021-45046: investigated: false affected_versions: [] @@ -1043,7 +1044,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '2017 onwards' + - 2017 onwards cve-2021-45046: investigated: false affected_versions: [] @@ -1103,7 +1104,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '10.7 onwards' + - 10.7 onwards cve-2021-45046: investigated: false affected_versions: [] @@ -1224,7 +1225,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1254,7 +1255,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1284,7 +1285,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1314,7 +1315,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1332,7 +1333,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acunetix - product: IAST-Java + product: IAST - NodeJS cves: cve-2021-4104: investigated: false @@ -1342,9 +1343,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - 'All' - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1357,12 +1358,12 @@ software: unaffected_versions: [] vendor_links: - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ - notes: AcuSensor IAST module needs attention. + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acunetix - product: IAST - NodeJS + product: IAST - PHP cves: cve-2021-4104: investigated: false @@ -1374,7 +1375,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1392,7 +1393,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Acunetix - product: IAST - PHP + product: IAST-Java cves: cve-2021-4104: investigated: false @@ -1402,9 +1403,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 'All' + fixed_versions: + - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1417,7 +1418,7 @@ software: unaffected_versions: [] vendor_links: - https://www.acunetix.com/blog/web-security-zone/critical-alert-log4shell-cve-2021-44228-in-log4j-possibly-the-biggest-impact-vulnerability-ever/ - notes: '' + notes: AcuSensor IAST module needs attention. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -1523,9 +1524,9 @@ software: investigated: true affected_versions: [] fixed_versions: - - '6.9.9' - - '6.9.10' - - '6.9.11' + - 6.9.9 + - 6.9.10 + - 6.9.11 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1615,7 +1616,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All versions from 6.3 GA to 6.3.3' + - All versions from 6.3 GA to 6.3.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1675,7 +1676,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All versions from 6.4 GA to 6.4.8' + - All versions from 6.4 GA to 6.4.8 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1735,7 +1736,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All versions from 6.5 GA to 6.5.11' + - All versions from 6.5 GA to 6.5.11 unaffected_versions: [] cve-2021-45046: investigated: false @@ -1766,7 +1767,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1796,7 +1797,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2009,7 +2010,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '8.0.7 - 8.4.3' + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2039,7 +2040,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '8.0.7 - 8.4.3' + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2069,7 +2070,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '8.0.7 - 8.4.3' + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2099,7 +2100,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '8.0.7 - 8.4.3' + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2129,7 +2130,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '8.0.7 - 8.4.3' + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2159,7 +2160,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '8.0.7 - 8.4.3' + - 8.0.7 - 8.4.3 cve-2021-45046: investigated: false affected_versions: [] @@ -2218,7 +2219,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '1.6+' + - 1.6+ cve-2021-45046: investigated: false affected_versions: [] @@ -2248,7 +2249,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'version 8.5.4.86 (and above)' + - version 8.5.4.86 (and above) cve-2021-45046: investigated: false affected_versions: [] @@ -2308,7 +2309,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2367,7 +2368,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '<1.7.4' + - <1.7.4 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2381,8 +2382,8 @@ software: unaffected_versions: [] vendor_links: - https://developer.akamai.com/tools/integrations/siem/siem-cef-connector#release-notes - notes: Akamai SIEM Integration Connector is vulnerable to CVE-2021-44228, - CVE-2021-45046 and CVE-2021-45105. + notes: Akamai SIEM Integration Connector is vulnerable to CVE-2021-44228, CVE-2021-45046 + and CVE-2021-45105. references: - '' last_updated: '2021-12-15T00:00:00' @@ -2398,7 +2399,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 1.4.10' + - < 1.4.10 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2458,7 +2459,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '5.15.0' + - 5.15.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -2489,7 +2490,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2519,7 +2520,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2712,9 +2713,9 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Work in progress, portion of customers may still be vulnerable. - Actively monitoring this issue, and are working on addressing it for - any AMS services which use Log4j2. + notes: Work in progress, portion of customers may still be vulnerable. Actively + monitoring this issue, and are working on addressing it for any AMS services + which use Log4j2. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -2834,8 +2835,8 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: [] - notes: Amazon Linux 1 had aws apitools which were Java based but these - were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). + notes: Amazon Linux 1 had aws apitools which were Java based but these were deprecated + in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2. references: @@ -2973,7 +2974,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 3.4.1' + - < 3.4.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -3169,13 +3170,13 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: To help mitigate the impact of the open-source Apache Log4j2 utility - (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, - Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). - This hot-patch will require customer opt-in to use, and disables JNDI lookups - from the Log4J2 library in customers’ containers. These updates are available - as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes - users on AWS, and will be in supported AWS Fargate platform versions. + notes: To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 + and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon + ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch + will require customer opt-in to use, and disables JNDI lookups from the Log4J2 + library in customers’ containers. These updates are available as an Amazon Linux + package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, + and will be in supported AWS Fargate platform versions. references: - '' last_updated: '2021-12-16T00:00:00' @@ -3205,13 +3206,13 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: To help mitigate the impact of the open-source Apache Log4j2 utility - (CVE-2021-44228 and CVE-2021-45046) security issues on customers’ containers, - Amazon EKS, Amazon ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). - This hot-patch will require customer opt-in to use, and disables JNDI lookups - from the Log4J2 library in customers’ containers. These updates are available - as an Amazon Linux package for Amazon ECS customers, as a DaemonSet for Kubernetes - users on AWS, and will be in supported AWS Fargate platform versions. + notes: To help mitigate the impact of the open-source Apache Log4j2 utility (CVE-2021-44228 + and CVE-2021-45046) security issues on customers’ containers, Amazon EKS, Amazon + ECS, and AWS Fargate are deploying a Linux-based update (hot-patch). This hot-patch + will require customer opt-in to use, and disables JNDI lookups from the Log4J2 + library in customers’ containers. These updates are available as an Amazon Linux + package for Amazon ECS customers, as a DaemonSet for Kubernetes users on AWS, + and will be in supported AWS Fargate platform versions. references: - '' last_updated: '2021-12-16T00:00:00' @@ -3331,7 +3332,8 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Opt-in hot-patch to mitigate the Log4j issue in JVM layer will be available as platform versions. + notes: Opt-in hot-patch to mitigate the Log4j issue in JVM layer will be available + as platform versions. references: - '' last_updated: '2021-12-16T00:00:00' @@ -3361,7 +3363,8 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Has been updated. Vulnerable only if ETL jobs load affected versions of Apache Log4j. + notes: Has been updated. Vulnerable only if ETL jobs load affected versions of + Apache Log4j. references: - '' last_updated: '2021-12-16T00:00:00' @@ -3391,10 +3394,10 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Updates for all Greengrass V2 components Stream Manager (2.0.14) - and Secure Tunneling (1.0.6) are available. For Greengrass versions 1.10.x - and 1.11.x, an update for the Stream Manager feature is included in Greengrass - patch versions 1.10.5 and 1.11.5. + notes: Updates for all Greengrass V2 components Stream Manager (2.0.14) and Secure + Tunneling (1.0.6) are available. For Greengrass versions 1.10.x and 1.11.x, + an update for the Stream Manager feature is included in Greengrass patch versions + 1.10.5 and 1.11.5. references: - '' last_updated: '2021-12-16T00:00:00' @@ -3454,8 +3457,9 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Updates for all AWS IoT SiteWise Edge components that use Log4j were made available; - OPC-UA collector (v2.0.3), Data processing pack (v2.0.14), and Publisher (v2.0.2). + notes: Updates for all AWS IoT SiteWise Edge components that use Log4j were made + available; OPC-UA collector (v2.0.3), Data processing pack (v2.0.14), and Publisher + (v2.0.2). references: - '' last_updated: '2021-12-17T00:00:00' @@ -3489,7 +3493,8 @@ software: The Kinesis Client Library (KCL) version 2.X and the Kinesis Producer Library (KPL) are not impacted. For customers using KCL 1.x, we have released an updated version and we strongly recommend that all KCL version 1.x customers upgrade - to KCL version 1.14.5 (or higher). KCL 2.x, KCL 1.14.5 or higher, and KPL are not vulnerable. + to KCL version 1.14.5 (or higher). KCL 2.x, KCL 1.14.5 or higher, and KPL are + not vulnerable. references: - '' last_updated: '2021-12-14T00:00:00' @@ -3942,8 +3947,8 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Amazon Chime and Chime SDK services have been updated to mitigate - the issues identified in CVE-2021-44228 and CVE-2021-45046. + notes: Amazon Chime and Chime SDK services have been updated to mitigate the issues + identified in CVE-2021-44228 and CVE-2021-45046. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -4093,8 +4098,8 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: 10/19 release distribution does not include Log4j. Vulnerable only - if customers applications use affected versions of Apache Log4j. + notes: 10/19 release distribution does not include Log4j. Vulnerable only if customers + applications use affected versions of Apache Log4j. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -4154,7 +4159,8 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Packages for Amazon Linux 1 and 2 not affected, package for Amazon Linux 2022 is affected. + notes: Packages for Amazon Linux 1 and 2 not affected, package for Amazon Linux + 2022 is affected. references: - '' last_updated: '2021-12-15T00:00:00' @@ -4184,8 +4190,8 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Amazon-owned images published under a Verified Account on Amazon - ECR Public are not affected by the Log4j issue. + notes: Amazon-owned images published under a Verified Account on Amazon ECR Public + are not affected by the Log4j issue. references: - '' last_updated: '2021-12-15T00:00:00' @@ -4246,8 +4252,8 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Many customers are estimated to be vulnerable. Vulnerable only - if affected EMR releases are used and untrusted sources are configured to be processed. + notes: Many customers are estimated to be vulnerable. Vulnerable only if affected + EMR releases are used and untrusted sources are configured to be processed. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -4398,7 +4404,8 @@ software: vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Applying updates as required, portion of customers may still be vulnerable. - Some MSK-specific service components use Log4j > 2.0.0 library and are being patched where needed. + Some MSK-specific service components use Log4j > 2.0.0 library and are being + patched where needed. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -4548,8 +4555,8 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Update in progress, portion of customers may still be vulnerable. - AWS Lake Formation service hosts are being updated to the latest version of Log4j. + notes: Update in progress, portion of customers may still be vulnerable. AWS Lake + Formation service hosts are being updated to the latest version of Log4j. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -4609,7 +4616,8 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: By default not vulnerable. Opt-in hot-patch to mitigate the Log4j in JVM layer issue is available. + notes: By default not vulnerable. Opt-in hot-patch to mitigate the Log4j in JVM + layer issue is available. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -4639,9 +4647,9 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: By default not vulnerable, and a new version of Amazon Kinesis Agent - which is part of AL2 addresses the Log4j issue. Opt-in hot-patch to mitigate - the Log4j issue in JVM layer is available. + notes: By default not vulnerable, and a new version of Amazon Kinesis Agent which + is part of AL2 addresses the Log4j issue. Opt-in hot-patch to mitigate the Log4j + issue in JVM layer is available. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -4927,7 +4935,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'R20211203-P2' + - R20211203-P2 unaffected_versions: [] cve-2021-45046: investigated: false @@ -5151,8 +5159,8 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Completed patching for the Apache Log4j2 issue (CVE-2021-44228). - Vulnerable only if customers applications use affected versions of Apache Log4j. + notes: Completed patching for the Apache Log4j2 issue (CVE-2021-44228). Vulnerable + only if customers applications use affected versions of Apache Log4j. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -5424,9 +5432,9 @@ software: unaffected_versions: [] vendor_links: - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ - notes: Not affected with default configurations. WorkDocs Sync client - versions 1.2.895.1 and older within Windows WorkSpaces, which contain - the Log4j component, are vulnerable; For update instruction, see source for more info. + notes: Not affected with default configurations. WorkDocs Sync client versions + 1.2.895.1 and older within Windows WorkSpaces, which contain the Log4j component, + are vulnerable; For update instruction, see source for more info. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -5474,7 +5482,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '4.10.3' + - 4.10.3 cve-2021-45046: investigated: false affected_versions: [] @@ -5598,7 +5606,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '2.2.6' + - 2.2.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -5741,7 +5749,7 @@ software: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache - product: Camel Karaf + product: Camel Kafka Connector cves: cve-2021-4104: investigated: false @@ -5750,10 +5758,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - '' + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -5766,13 +5774,12 @@ software: unaffected_versions: [] vendor_links: - https://camel.apache.org/blog/2021/12/log4j2/ - notes: The Karaf team is aware of this and are working on a new Karaf 4.3.4 release - with updated log4j. + notes: '' references: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache - product: Camel Quarkus + product: Camel Karaf cves: cve-2021-4104: investigated: false @@ -5781,10 +5788,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: + affected_versions: - '' + fixed_versions: [] + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -5797,12 +5804,13 @@ software: unaffected_versions: [] vendor_links: - https://camel.apache.org/blog/2021/12/log4j2/ - notes: '' + notes: The Karaf team is aware of this and are working on a new Karaf 4.3.4 release + with updated log4j. references: - '' last_updated: '2021-12-13T00:00:00' - vendor: Apache - product: Camel Kafka Connector + product: Camel Quarkus cves: cve-2021-4104: investigated: false @@ -5844,7 +5852,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -5873,7 +5881,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '0.22.1' + - 0.22.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -5903,7 +5911,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -5951,11 +5959,11 @@ software: unaffected_versions: [] vendor_links: - https://flink.apache.org/2021/12/10/log4j-cve.html - notes: To clarify and avoid confusion, the 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 - releases, which were supposed to only contain a Log4j upgrade to 2.15.0, were - skipped because CVE-2021-45046 was discovered during the release publication. - The new 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade - for Log4j to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046. + notes: To clarify and avoid confusion, the 1.14.1 / 1.13.4 / 1.12.6 / 1.11.5 releases, + which were supposed to only contain a Log4j upgrade to 2.15.0, were skipped + because CVE-2021-45046 was discovered during the release publication. The new + 1.14.2 / 1.13.5 / 1.12.7 / 1.11.6 releases include a version upgrade for Log4j + to version 2.16.0 to address CVE-2021-44228 and CVE-2021-45046. references: - '[https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html](https://flink.apache.org/news/2021/12/16/log4j-patch-releases.html)' last_updated: '2021-12-12T00:00:00' @@ -5971,7 +5979,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 2.0.7' + - < 2.0.7 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6001,7 +6009,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.14.0' + - 1.14.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6032,7 +6040,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6121,7 +6129,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '4.x' + - 4.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -6150,7 +6158,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '3.6.0' + - 3.6.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6181,7 +6189,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 4.3.1' + - < 4.3.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6210,7 +6218,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'All' + - All fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6241,7 +6249,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '2.11.1' + - 2.11.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6302,7 +6310,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6330,7 +6338,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '2.17.1' + - 2.17.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6362,7 +6370,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6392,7 +6400,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6421,7 +6429,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 18.12.03' + - < 18.12.03 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6451,7 +6459,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 1.2.1' + - < 1.2.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6481,7 +6489,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 8.9.1' + - < 8.9.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6511,8 +6519,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - '7.4.0 to 7.7.3' - - '8.0.0 to 8.11.0' + - 7.4.0 to 7.7.3 + - 8.0.0 to 8.11.0 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6526,7 +6534,8 @@ software: unaffected_versions: [] vendor_links: - https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228 - notes: Fixed in 8.11.1, Versions before 7.4 also vulnerable when using several configurations. + notes: Fixed in 8.11.1, Versions before 7.4 also vulnerable when using several + configurations. references: - '[Apache Solr 8.11.1 downloads](https://solr.apache.org/downloads.html)' last_updated: '2021-12-16T00:00:00' @@ -6543,7 +6552,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -6571,7 +6580,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '2.5.28' + - 2.5.28 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6634,7 +6643,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '5.7.3' + - 5.7.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6664,7 +6673,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '2.0.0 and up' + - 2.0.0 and up fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -6793,11 +6802,11 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'v9.5' - - 'v10.0.1' - - 'v10.0.2' - - 'v10.0.3' - - 'v10.0.4' + - v9.5 + - v10.0.1 + - v10.0.2 + - v10.0.3 + - v10.0.4 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6830,7 +6839,7 @@ software: - '4.2' - '4.3' - '4.4' - - '4.4.1' + - 4.4.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6860,8 +6869,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - '6.3.x' - - '6.4.x' + - 6.3.x + - 6.4.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -6891,8 +6900,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - '< 9.10' - - '< 10.6' + - < 9.10 + - < 10.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -6923,7 +6932,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7574,7 +7583,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.8.17' + - 1.8.17 unaffected_versions: [] cve-2021-45046: investigated: false @@ -7832,7 +7841,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks - product: ArubaOS Wi-Fi Controllers and Gateways + product: ArubaOS SD-WAN Gateways cves: cve-2021-4104: investigated: false @@ -7862,7 +7871,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks - product: ArubaOS SD-WAN Gateways + product: ArubaOS Wi-Fi Controllers and Gateways cves: cve-2021-4104: investigated: false @@ -8233,7 +8242,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'Versions 2.5.0.0 to 2.5.0.6' + - Versions 2.5.0.0 to 2.5.0.6 unaffected_versions: [] cve-2021-45046: investigated: false @@ -8312,7 +8321,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks - product: Legacy VX + product: Legacy VRX cves: cve-2021-4104: investigated: false @@ -8342,7 +8351,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Aruba Networks - product: Legacy VRX + product: Legacy VX cves: cve-2021-4104: investigated: false @@ -8590,7 +8599,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'On Prem' + - On Prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8621,7 +8630,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'On prem' + - On prem unaffected_versions: [] cve-2021-45046: investigated: false @@ -8651,7 +8660,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'On prem' + - On prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8681,7 +8690,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'v1.7.1' + - v1.7.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8741,7 +8750,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'v4.13.0' + - v4.13.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8771,7 +8780,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'v3.0.77' + - v3.0.77 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8801,7 +8810,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'v4.13.0' + - v4.13.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8831,7 +8840,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'v1.13.0' + - v1.13.0 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8952,7 +8961,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'On prem' + - On prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -8983,7 +8992,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - 'On prem' + - On prem fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9186,7 +9195,8 @@ software: unaffected_versions: [] vendor_links: - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -9216,7 +9226,8 @@ software: unaffected_versions: [] vendor_links: - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -9232,8 +9243,8 @@ software: investigated: true affected_versions: [] fixed_versions: - - '11.x' - - '<11.3x' + - 11.x + - <11.3x unaffected_versions: [] cve-2021-45046: investigated: false @@ -9247,7 +9258,8 @@ software: unaffected_versions: [] vendor_links: - https://apeople.automationanywhere.com/s/login/?language=en_US&startURL=%2Fs%2Farticle%2FA360-Cloud-Zero-day-in-the-Log4j-Java-library&ec=302 - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -9402,7 +9414,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura for OneCloud Private + product: Avaya Aura Application Enablement Services cves: cve-2021-4104: investigated: false @@ -9412,7 +9424,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - '' + - 8.1.3.2 + - 8.1.3.3 + - '10.1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9427,15 +9441,12 @@ software: unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: Avaya is scanning and monitoring its OneCloud Private environments as part - of its management activities. Avaya will continue to monitor this fluid situation - and remediations will be made as patches become available, in accordance with - appropriate change processes. + notes: '' references: - - '' + - '[PSN020551u](https://download.avaya.com/css/public/documents/101079386)' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura Application Enablement Services + product: Avaya Aura Contact Center cves: cve-2021-4104: investigated: false @@ -9445,9 +9456,11 @@ software: cve-2021-44228: investigated: true affected_versions: - - '8.1.3.2' - - '8.1.3.3' - - '10.1' + - 7.0.2 + - 7.0.3 + - '7.1' + - 7.1.1 + - 7.1.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9464,10 +9477,10 @@ software: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 notes: '' references: - - '[PSN020551u](https://download.avaya.com/css/public/documents/101079386)' + - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura Contact Center + product: Avaya Aura Device Services cves: cve-2021-4104: investigated: false @@ -9477,11 +9490,13 @@ software: cve-2021-44228: investigated: true affected_versions: - - '7.0.2' - - '7.0.3' - - '7.1' - - '7.1.1' - - '7.1.2' + - '8' + - 8.0.1 + - 8.0.2 + - '8.1' + - 8.1.3 + - 8.1.4 + - 8.1.5 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9501,7 +9516,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya Aura Device Services + product: Avaya Aura for OneCloud Private cves: cve-2021-4104: investigated: false @@ -9511,13 +9526,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '8' - - '8.0.1' - - '8.0.2' - - '8.1' - - '8.1.3' - - '8.1.4' - - '8.1.5' + - '' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9532,7 +9541,10 @@ software: unaffected_versions: [] vendor_links: - https://support.avaya.com/helpcenter/getGenericDetails?detailId=1399839287609 - notes: '' + notes: Avaya is scanning and monitoring its OneCloud Private environments as part + of its management activities. Avaya will continue to monitor this fluid situation + and remediations will be made as patches become available, in accordance with + appropriate change processes. references: - '' last_updated: '2021-12-14T00:00:00' @@ -9547,9 +9559,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - '8.0.0' - - '8.0.1' - - '8.0.2' + - 8.0.0 + - 8.0.1 + - 8.0.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9580,15 +9592,15 @@ software: investigated: true affected_versions: - '10.1' - - '7.1.2' + - 7.1.2 - '8' - - '8.0.1' - - '8.0.2' + - 8.0.1 + - 8.0.2 - '8.1' - - '8.1.1' - - '8.1.2' - - '8.1.3' - - '8.1.4' + - 8.1.1 + - 8.1.2 + - 8.1.3 + - 8.1.4 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9619,13 +9631,13 @@ software: investigated: true affected_versions: - '10.1' - - '7.1.3' + - 7.1.3 - '8' - - '8.0.1' + - 8.0.1 - '8.1' - - '8.1.1' - - '8.1.2' - - '8.1.3' + - 8.1.1 + - 8.1.2 + - 8.1.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9656,7 +9668,7 @@ software: investigated: true affected_versions: - '10.1' - - '8.1.3' + - 8.1.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9686,11 +9698,11 @@ software: cve-2021-44228: investigated: true affected_versions: - - '3.11[P]' - - '3.8.1[P]' - - '3.8[P]' - - '3.9.1[P]' - - '3.9[P]' + - 3.11[P] + - 3.8.1[P] + - 3.8[P] + - 3.9.1[P] + - 3.9[P] fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9722,7 +9734,7 @@ software: affected_versions: - '3.7' - '3.8' - - '3.8.1' + - 3.8.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9752,11 +9764,11 @@ software: cve-2021-44228: investigated: true affected_versions: - - '7.0.2' - - '7.0.3' + - 7.0.2 + - 7.0.3 - '7.1' - - '7.1.1' - - '7.1.2' + - 7.1.1 + - 7.1.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9816,7 +9828,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '3.1.22' + - 3.1.22 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9846,9 +9858,9 @@ software: cve-2021-44228: investigated: true affected_versions: - - '9.1.10' - - '9.1.11' - - '9.1.12' + - 9.1.10 + - 9.1.11 + - 9.1.12 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9868,7 +9880,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya OneCloud-Private-UCaaS - Mid Market Aura + product: Avaya OneCloud-Private cves: cve-2021-4104: investigated: false @@ -9878,7 +9890,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '1' + - '2' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9898,7 +9910,7 @@ software: - '' last_updated: '2021-12-14T00:00:00' - vendor: Avaya - product: Avaya OneCloud-Private + product: Avaya OneCloud-Private-UCaaS - Mid Market Aura cves: cve-2021-4104: investigated: false @@ -9908,7 +9920,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '2' + - '1' fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -9938,11 +9950,11 @@ software: cve-2021-44228: investigated: true affected_versions: - - '8.0.1' + - 8.0.1 - '8.1' - - '8.1.1' - - '8.1.2' - - '8.1.3' + - 8.1.1 + - 8.1.2 + - 8.1.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10066,7 +10078,7 @@ software: investigated: true affected_versions: - '5' - - '5.0.1' + - 5.0.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10096,8 +10108,8 @@ software: cve-2021-44228: investigated: true affected_versions: - - '9.0.2' - - '9.0.2.1' + - 9.0.2 + - 9.0.2.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10157,7 +10169,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '9.1.2' + - 9.1.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10187,7 +10199,7 @@ software: cve-2021-44228: investigated: true affected_versions: - - '7.3.9' + - 7.3.9 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10217,10 +10229,10 @@ software: cve-2021-44228: investigated: true affected_versions: - - '11.0.4' + - 11.0.4 - '11.1' - - '11.1.1' - - '11.1.2' + - 11.1.1 + - 11.1.2 fixed_versions: [] unaffected_versions: [] cve-2021-45046: @@ -10250,10 +10262,10 @@ software: cve-2021-44228: investigated: true affected_versions: - - '3.1.2' - - '3.1.3' + - 3.1.2 + - 3.1.3 - '4' - - '4.0.1' + - 4.0.1 fixed_versions: [] unaffected_versions: [] cve-2021-45046: From d189776a047540bfa28e938c182a886b4ea235b2 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Fri, 11 Feb 2022 14:15:11 -0500 Subject: [PATCH 236/268] Add missing AWS link --- data/cisagov_A.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 17499a2..56c19b8 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -1121,8 +1121,9 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] - notes: 'Notes: Amazon Linux 1 had aws apitools which were Java based but these + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ + notes: 'Notes- Amazon Linux 1 had aws apitools which were Java based but these were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2' From 6bb3a3e13f2ac5cb199d5bc474e46a8135a44984 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 14 Feb 2022 08:26:55 -0500 Subject: [PATCH 237/268] Add Barco products --- data/cisagov_B.yml | 258 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 250 insertions(+), 8 deletions(-) diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index 8368b2e..382dcb6 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -13,10 +13,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -33,8 +34,38 @@ software: references: - '' last_updated: '2021-12-16T00:00:00' + - vendor: Backblaze + product: Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://help.backblaze.com/hc/en-us/articles/4412580603419 + notes: Cloud service patched. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: BackBox - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -63,7 +94,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Balbix - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -92,7 +123,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Baramundi Products - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -121,7 +152,157 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Barco - product: '' + product: Demetra + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.barco.com/en/support/knowledge-base/kb12495 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Barco + product: Demetra + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.barco.com/en/support/knowledge-base/kb12495 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Barco + product: Green Barco Wall Control Manager (gBCM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.barco.com/en/support/knowledge-base/kb12495 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Barco + product: MediCal QAWeb + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.barco.com/en/support/knowledge-base/kb12495 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Barco + product: NexxisOR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.barco.com/en/support/knowledge-base/kb12495 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Barco + product: OpSpace cves: cve-2021-4104: investigated: false @@ -129,10 +310,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '1.8 - 1.9.4.1' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.barco.com/en/support/knowledge-base/kb12495 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Barco + product: Transform N (TFN) + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -150,7 +362,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Barracuda - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -178,8 +390,38 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Basis Technology + product: Autopsy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '4.18.0 onwards' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.autopsy.com/autopsy-and-log4j-vulnerability/ + notes: version 4.18.0 onwards use Apache Solr 8. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Baxter - product: '' + product: All cves: cve-2021-4104: investigated: false From b4ca4c9b95584c51dc9fdd4be0ee2a132e196531 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 14 Feb 2022 13:32:04 -0500 Subject: [PATCH 238/268] Add BCT products --- data/cisagov_B.yml | 194 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 187 insertions(+), 7 deletions(-) diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index 382dcb6..88068ee 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -450,7 +450,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BBraun - product: APEX® Compounder + product: APEX Compounder cves: cve-2021-4104: investigated: false @@ -480,7 +480,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: BBraun - product: DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software + product: DoseTrac Server, DoseLink Server, and Space® Online Suite Server software cves: cve-2021-4104: investigated: false @@ -510,7 +510,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: BBraun - product: Outlook® Safety Infusion System Pump family + product: Outlook Safety Infusion System Pump family cves: cve-2021-4104: investigated: false @@ -540,7 +540,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: BBraun - product: Pinnacle® Compounder + product: Pinnacle Compounder cves: cve-2021-4104: investigated: false @@ -570,7 +570,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: BBraun - product: Pump, SpaceStation, and Space® Wireless Battery) + product: Pump, SpaceStation, and Space Wireless Battery cves: cve-2021-4104: investigated: false @@ -600,8 +600,8 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: BBraun - product: Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® - Space® Infusion + product: Space Infusion Pump family (Infusomat Space Infusion Pump, Perfusor + Space Infusion cves: cve-2021-4104: investigated: false @@ -630,6 +630,186 @@ software: references: - '' last_updated: '2022-01-31T00:00:00' + - vendor: BCT + product: BerichtenCentrale (BCE) & Integrations + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BCT + product: CORSA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BCT + product: e-Invoice + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '2.10.210' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BCT + product: IDT + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BCT + product: iGEN + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BCT + product: LIBER + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '1.125.3' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2021-12-20T00:00:00' - vendor: BD product: Arctic Sun™ Analytics cves: From a2a55d51e1650846409d703a4e5be0b5b10893b6 Mon Sep 17 00:00:00 2001 From: Sidgawri <64966459+Sidgawri@users.noreply.github.com> Date: Mon, 14 Feb 2022 13:47:41 -0500 Subject: [PATCH 239/268] Update cisagov_C.yml Providing the latest changes for Citrix products and services in context to the Log4j vulnerabilities --- data/cisagov_C.yml | 234 ++++++++++++++++++++------------------------- 1 file changed, 103 insertions(+), 131 deletions(-) diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index ab59ef7..5a553a2 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -4588,22 +4588,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4622,22 +4620,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4650,27 +4646,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4683,27 +4678,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4717,27 +4711,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4750,31 +4743,23 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: [10.14 RP2, 10.13 RP5, 10.12 RP10] unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: [10.14 RP2, 10.13 RP5, 10.12 RP10] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: [10.14 RP3, 10.13 RP6, 10.12 RP11] unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: 'For CVE-2021-44228 and CVE-2021-45046: Impacted–Customers are advised - to apply the latest CEM rolling patch updates listed below as soon as possible - to reduce the risk of exploitation. [XenMobile Server 10.14 RP2](https://support.citrix.com/article/CTX335763); - [XenMobile Server 10.13 RP5](https://support.citrix.com/article/CTX335753); - and [XenMobile Server 10.12 RP10](https://support.citrix.com/article/CTX335785). - Note: Customers who have upgraded their XenMobile Server to the updated versions - are recommended not to apply the responder policy mentioned in the blog listed - below to the Citrix ADC vserver in front of the XenMobile Server as it may impact - the enrollment of Android devices. For CVE-2021-45105: Investigation in progress.' + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4787,27 +4772,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4820,27 +4804,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4859,22 +4842,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4887,30 +4868,24 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: [Linux Virtual Delivery Agent 2112] unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: [Linux Virtual Delivery Agent 2112] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: 'IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: - Customers are advised to apply the latest update as soon as possible to reduce - the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). - See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for - additional mitigations. For CVE-2021-45105: Investigation has shown that Linux - VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, - released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: - Linux VDA LTSR all versions; All other CVAD components.' + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4929,22 +4904,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4957,27 +4930,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' From c1fa8e764aca1ee5fba0809dcea5f95e9dbadd90 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 14 Feb 2022 16:15:05 -0500 Subject: [PATCH 240/268] Adjusted fix versions --- data/cisagov_C.yml | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index 5a553a2..ed26121 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -4745,17 +4745,26 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [10.14 RP2, 10.13 RP5, 10.12 RP10] + fixed_versions: + - '10.14 RP2' + - '10.13 RP5' + - '10.12 RP10' unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] - fixed_versions: [10.14 RP2, 10.13 RP5, 10.12 RP10] + fixed_versions: + - '10.14 RP2' + - '10.13 RP5' + - '10.12 RP10' unaffected_versions: [] cve-2021-45105: investigated: true affected_versions: [] - fixed_versions: [10.14 RP3, 10.13 RP6, 10.12 RP11] + fixed_versions: + - '10.14 RP3' + - '10.13 RP6' + - '10.12 RP11' unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 @@ -4870,12 +4879,14 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [Linux Virtual Delivery Agent 2112] + fixed_versions: + - 'Linux Virtual Delivery Agent 2112' unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] - fixed_versions: [Linux Virtual Delivery Agent 2112] + fixed_versions: + - 'Linux Virtual Delivery Agent 2112' unaffected_versions: [] cve-2021-45105: investigated: true From fe8c12349bc86cdc7c51eede11122fd90e5d91d1 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 14 Feb 2022 16:35:03 -0500 Subject: [PATCH 241/268] Fix trailing whitespace --- data/cisagov_C.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index ed26121..b484a43 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -4702,7 +4702,7 @@ software: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: Citrix Content Collaboration (ShareFile Integration) – Citrix Files for + product: Citrix Content Collaboration (ShareFile Integration)–Citrix Files for Windows, Citrix Files for Mac, Citrix Files for Outlook cves: cve-2021-4104: @@ -4790,7 +4790,7 @@ software: investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: + unaffected_versions: - All Platforms cve-2021-45105: investigated: true From 79616e8d66dede61e962c970aab2fda12e37c2d4 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 14 Feb 2022 16:38:27 -0500 Subject: [PATCH 242/268] Revert "Update cisagov_C.yml" --- data/cisagov_C.yml | 247 ++++++++++++++++++++++++--------------------- 1 file changed, 132 insertions(+), 115 deletions(-) diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index b484a43..ab59ef7 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -4588,20 +4588,22 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: '' + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' last_updated: '2021-12-21T00:00:00' @@ -4620,20 +4622,22 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: '' + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' last_updated: '2021-12-21T00:00:00' @@ -4646,26 +4650,27 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: '' + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' last_updated: '2021-12-21T00:00:00' @@ -4678,31 +4683,32 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: '' + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: Citrix Content Collaboration (ShareFile Integration)–Citrix Files for + product: Citrix Content Collaboration (ShareFile Integration) – Citrix Files for Windows, Citrix Files for Mac, Citrix Files for Outlook cves: cve-2021-4104: @@ -4711,26 +4717,27 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: '' + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' last_updated: '2021-12-21T00:00:00' @@ -4743,32 +4750,31 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '10.14 RP2' - - '10.13 RP5' - - '10.12 RP10' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '10.14 RP2' - - '10.13 RP5' - - '10.12 RP10' + fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '10.14 RP3' - - '10.13 RP6' - - '10.12 RP11' + fixed_versions: [] unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: '' + notes: 'For CVE-2021-44228 and CVE-2021-45046: Impacted–Customers are advised + to apply the latest CEM rolling patch updates listed below as soon as possible + to reduce the risk of exploitation. [XenMobile Server 10.14 RP2](https://support.citrix.com/article/CTX335763); + [XenMobile Server 10.13 RP5](https://support.citrix.com/article/CTX335753); + and [XenMobile Server 10.12 RP10](https://support.citrix.com/article/CTX335785). + Note: Customers who have upgraded their XenMobile Server to the updated versions + are recommended not to apply the responder policy mentioned in the blog listed + below to the Citrix ADC vserver in front of the XenMobile Server as it may impact + the enrollment of Android devices. For CVE-2021-45105: Investigation in progress.' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4781,26 +4787,27 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: '' + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' last_updated: '2021-12-21T00:00:00' @@ -4813,26 +4820,27 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: '' + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' last_updated: '2021-12-21T00:00:00' @@ -4851,20 +4859,22 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: '' + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' last_updated: '2021-12-21T00:00:00' @@ -4877,26 +4887,30 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 'Linux Virtual Delivery Agent 2112' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 'Linux Virtual Delivery Agent 2112' + fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: '' + notes: 'IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: + Customers are advised to apply the latest update as soon as possible to reduce + the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). + See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for + additional mitigations. For CVE-2021-45105: Investigation has shown that Linux + VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, + released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: + Linux VDA LTSR all versions; All other CVAD components.' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4915,20 +4929,22 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: '' + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' last_updated: '2021-12-21T00:00:00' @@ -4941,26 +4957,27 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45046: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] cve-2021-45105: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All Platforms + unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: '' + notes: Citrix continues to investigate any potential impact on Citrix-managed + cloud services. If, as the investigation continues, any Citrix-managed services + are found to be affected by this issue, Citrix will take immediate action to + remediate the problem. Customers using Citrix-managed cloud services do not + need to take any action. references: - '' last_updated: '2021-12-21T00:00:00' From 06dc0d8bdd35e00d25c3db34855e79f63e22e4b4 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Mon, 14 Feb 2022 16:59:20 -0500 Subject: [PATCH 243/268] Update Citrix products --- data/cisagov_C.yml | 247 +++++++++++++++++++++------------------------ 1 file changed, 115 insertions(+), 132 deletions(-) diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index ab59ef7..b484a43 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -4588,22 +4588,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4622,22 +4620,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4650,27 +4646,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4683,32 +4678,31 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: Citrix Content Collaboration (ShareFile Integration) – Citrix Files for + product: Citrix Content Collaboration (ShareFile Integration)–Citrix Files for Windows, Citrix Files for Mac, Citrix Files for Outlook cves: cve-2021-4104: @@ -4717,27 +4711,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4750,31 +4743,32 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '10.14 RP2' + - '10.13 RP5' + - '10.12 RP10' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '10.14 RP2' + - '10.13 RP5' + - '10.12 RP10' unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '10.14 RP3' + - '10.13 RP6' + - '10.12 RP11' unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: 'For CVE-2021-44228 and CVE-2021-45046: Impacted–Customers are advised - to apply the latest CEM rolling patch updates listed below as soon as possible - to reduce the risk of exploitation. [XenMobile Server 10.14 RP2](https://support.citrix.com/article/CTX335763); - [XenMobile Server 10.13 RP5](https://support.citrix.com/article/CTX335753); - and [XenMobile Server 10.12 RP10](https://support.citrix.com/article/CTX335785). - Note: Customers who have upgraded their XenMobile Server to the updated versions - are recommended not to apply the responder policy mentioned in the blog listed - below to the Citrix ADC vserver in front of the XenMobile Server as it may impact - the enrollment of Android devices. For CVE-2021-45105: Investigation in progress.' + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4787,27 +4781,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4820,27 +4813,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4859,22 +4851,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4887,30 +4877,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'Linux Virtual Delivery Agent 2112' unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 'Linux Virtual Delivery Agent 2112' unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: 'IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: - Customers are advised to apply the latest update as soon as possible to reduce - the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). - See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for - additional mitigations. For CVE-2021-45105: Investigation has shown that Linux - VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, - released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: - Linux VDA LTSR all versions; All other CVAD components.' + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4929,22 +4915,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -4957,27 +4941,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' From fd89a69603318788a4acb2e33e6ae53a66ed0ec1 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Mon, 14 Feb 2022 22:06:02 +0000 Subject: [PATCH 244/268] Update the software list --- SOFTWARE-LIST.md | 24 ++--- data/cisagov.yml | 247 +++++++++++++++++++++------------------------ data/cisagov_C.yml | 22 ++-- 3 files changed, 138 insertions(+), 155 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 61321b9..a9552e2 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -745,18 +745,18 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Cisco | duo network gateway (on-prem/self-hosted) | | | Unknown | | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Cisco | Exony Virtualized Interaction Manager (VIM) | | | Unknown | [link](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Cisco | Managed Services Accelerator (MSX) Network Access Control Service | | | Unknown | [link](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Citrix | Citrix ADC (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Application Delivery Management (NetScaler MAS) | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Cloud Connector | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Connector Appliance for Cloud Services | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Content Collaboration (ShareFile Integration) – Citrix Files for Windows, Citrix Files for Mac, Citrix Files for Outlook | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Endpoint Management (Citrix XenMobile Server) | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | For CVE-2021-44228 and CVE-2021-45046: Impacted–Customers are advised to apply the latest CEM rolling patch updates listed below as soon as possible to reduce the risk of exploitation. [XenMobile Server 10.14 RP2](https://support.citrix.com/article/CTX335763); [XenMobile Server 10.13 RP5](https://support.citrix.com/article/CTX335753); and [XenMobile Server 10.12 RP10](https://support.citrix.com/article/CTX335785). Note: Customers who have upgraded their XenMobile Server to the updated versions are recommended not to apply the responder policy mentioned in the blog listed below to the Citrix ADC vserver in front of the XenMobile Server as it may impact the enrollment of Android devices. For CVE-2021-45105: Investigation in progress. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Hypervisor (XenServer) | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix License Server | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix SD-WAN | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Virtual Apps and Desktops (XenApp & XenDesktop) | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: Customers are advised to apply the latest update as soon as possible to reduce the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for additional mitigations. For CVE-2021-45105: Investigation has shown that Linux VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: Linux VDA LTSR all versions; All other CVAD components. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | Citrix Workspace App | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | -| Citrix | ShareFile Storage Zones Controller | | | Unknown | [link](https://support.citrix.com/article/CTX335705) | Citrix continues to investigate any potential impact on Citrix-managed cloud services. If, as the investigation continues, any Citrix-managed services are found to be affected by this issue, Citrix will take immediate action to remediate the problem. Customers using Citrix-managed cloud services do not need to take any action. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix ADC (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Application Delivery Management (NetScaler MAS) | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Cloud Connector | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Connector Appliance for Cloud Services | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Content Collaboration (ShareFile Integration)–Citrix Files for Windows, Citrix Files for Mac, Citrix Files for Outlook | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Endpoint Management (Citrix XenMobile Server) | | 10.14 RP2, 10.13 RP5, 10.12 RP10 | Fixed | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Hypervisor (XenServer) | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix License Server | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix SD-WAN | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Virtual Apps and Desktops (XenApp & XenDesktop) | | Linux Virtual Delivery Agent 2112 | Fixed | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | Citrix Workspace App | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | +| Citrix | ShareFile Storage Zones Controller | | | Not Affected | [link](https://support.citrix.com/article/CTX335705) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-21 | | Claris | | | | Unknown | [link](https://support.claris.com/s/article/CVE-2021-44228-Apache-Log4j-Vulnerability-and-Claris-products?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Cloudera | AM2CM Tool | | | Unknown | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Cloudera | Ambari | Only versions 2.x, 1.x | | Affected | [link](https://my.cloudera.com/knowledge/TSB-2021-545-Critical-vulnerability-in-log4j2-CVE-2021-44228?id=332019) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 7f791b8..6f63573 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -21569,22 +21569,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -21603,22 +21601,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -21631,27 +21627,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -21664,32 +21659,31 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' - vendor: Citrix - product: Citrix Content Collaboration (ShareFile Integration) – Citrix Files for + product: Citrix Content Collaboration (ShareFile Integration)–Citrix Files for Windows, Citrix Files for Mac, Citrix Files for Outlook cves: cve-2021-4104: @@ -21698,27 +21692,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -21731,31 +21724,32 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 10.14 RP2 + - 10.13 RP5 + - 10.12 RP10 unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 10.14 RP2 + - 10.13 RP5 + - 10.12 RP10 unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 10.14 RP3 + - 10.13 RP6 + - 10.12 RP11 unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 - notes: 'For CVE-2021-44228 and CVE-2021-45046: Impacted–Customers are advised - to apply the latest CEM rolling patch updates listed below as soon as possible - to reduce the risk of exploitation. [XenMobile Server 10.14 RP2](https://support.citrix.com/article/CTX335763); - [XenMobile Server 10.13 RP5](https://support.citrix.com/article/CTX335753); - and [XenMobile Server 10.12 RP10](https://support.citrix.com/article/CTX335785). - Note: Customers who have upgraded their XenMobile Server to the updated versions - are recommended not to apply the responder policy mentioned in the blog listed - below to the Citrix ADC vserver in front of the XenMobile Server as it may impact - the enrollment of Android devices. For CVE-2021-45105: Investigation in progress.' + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -21768,27 +21762,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -21801,27 +21794,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -21840,22 +21832,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -21868,30 +21858,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Linux Virtual Delivery Agent 2112 unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - Linux Virtual Delivery Agent 2112 unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: 'IMPACTED: Linux VDA (non-LTSR versions only)- CVE-2021-44228 and CVE-2021-45046: - Customers are advised to apply the latest update as soon as possible to reduce - the risk of exploitation. [Linux Virtual Delivery Agent 2112](https://www.citrix.com/downloads/citrix-virtual-apps-and-desktops/components/linux-vda-2112.html). - See the [Citrix Statement](https://support.citrix.com/article/CTX335705) for - additional mitigations. For CVE-2021-45105: Investigation has shown that Linux - VDA is not impacted. Nonetheless, the Linux VDA 2112 has been updated (21.12.0.30, - released December 20th) to contain Apache log4j version 2.17.0. NOT IMPACTED: - Linux VDA LTSR all versions; All other CVAD components.' + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -21910,22 +21896,20 @@ software: unaffected_versions: - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' @@ -21938,27 +21922,26 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All Platforms vendor_links: - https://support.citrix.com/article/CTX335705 - notes: Citrix continues to investigate any potential impact on Citrix-managed - cloud services. If, as the investigation continues, any Citrix-managed services - are found to be affected by this issue, Citrix will take immediate action to - remediate the problem. Customers using Citrix-managed cloud services do not - need to take any action. + notes: '' references: - '' last_updated: '2021-12-21T00:00:00' diff --git a/data/cisagov_C.yml b/data/cisagov_C.yml index b484a43..a17ca4c 100644 --- a/data/cisagov_C.yml +++ b/data/cisagov_C.yml @@ -4746,25 +4746,25 @@ software: investigated: true affected_versions: [] fixed_versions: - - '10.14 RP2' - - '10.13 RP5' - - '10.12 RP10' + - 10.14 RP2 + - 10.13 RP5 + - 10.12 RP10 unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - '10.14 RP2' - - '10.13 RP5' - - '10.12 RP10' + - 10.14 RP2 + - 10.13 RP5 + - 10.12 RP10 unaffected_versions: [] cve-2021-45105: investigated: true affected_versions: [] fixed_versions: - - '10.14 RP3' - - '10.13 RP6' - - '10.12 RP11' + - 10.14 RP3 + - 10.13 RP6 + - 10.12 RP11 unaffected_versions: [] vendor_links: - https://support.citrix.com/article/CTX335705 @@ -4880,13 +4880,13 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'Linux Virtual Delivery Agent 2112' + - Linux Virtual Delivery Agent 2112 unaffected_versions: [] cve-2021-45046: investigated: true affected_versions: [] fixed_versions: - - 'Linux Virtual Delivery Agent 2112' + - Linux Virtual Delivery Agent 2112 unaffected_versions: [] cve-2021-45105: investigated: true From de6151a074117b7cace93483dae00f6479cf2aea Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 15 Feb 2022 10:40:09 -0500 Subject: [PATCH 245/268] Add BD Alaris products --- data/cisagov_B.yml | 843 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 842 insertions(+), 1 deletion(-) diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index 88068ee..902797e 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -811,7 +811,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: Arctic Sun™ Analytics + product: Alaris CC Plus Guardrails Syringe Pump cves: cve-2021-4104: investigated: false @@ -819,10 +819,851 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Alaris CC Plus Syringe Pump + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Alaris Enteral Plus Syringe Pump + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Alaris Gateway Workstation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Alaris GP Plus Guardrails Volumetric Pump + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Alaris GP Plus Volumetric Pump + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Alaris PK Plus Syringe Pump + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Alaris Technical Utility (ATU) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Alaris TiVA Syringe Pump + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Alaris VP Plus Guardrails Volumetric Pump + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Accuri C6 Plus + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Action Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris Auto-ID Module Model + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris Communications Engine + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris CQI Event Reporter + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris Guardrails Editor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris Infusion Central + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris neXus CC Syringe Pump + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris neXus Editor v5.0 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris neXus GP Volumetric Pump + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris PCA Module Model 8120 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris Plus Editor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris Point-of-Care Software + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris Point-of-Care Unit (PCU) Model 8015 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris Pump Module Model 8100 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris Syringe Module Model 8110 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris System Mainetnance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris Systems Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Arctic Sun Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From 48bafa14799bcdae68465b183d3d6d769bd31d65 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 15 Feb 2022 11:11:11 -0500 Subject: [PATCH 246/268] Add BD products through Rowa --- data/cisagov_B.yml | 2332 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 2312 insertions(+), 20 deletions(-) diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index 902797e..77aaa50 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -1681,7 +1681,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD Diabetes Care App Cloud + product: BD BACTEC 9050 cves: cve-2021-4104: investigated: false @@ -1689,10 +1689,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1710,7 +1711,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD HealthSight™ Clinical Advisor + product: BD BACTEC 9120 cves: cve-2021-4104: investigated: false @@ -1718,10 +1719,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1739,7 +1741,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD HealthSight™ Data Manager + product: BD BACTEC 9240 cves: cve-2021-4104: investigated: false @@ -1747,10 +1749,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1768,7 +1771,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD HealthSight™ Diversion Management + product: BD BACTEC FX cves: cve-2021-4104: investigated: false @@ -1776,10 +1779,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1797,7 +1801,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD HealthSight™ Infection Advisor + product: BD BACTEC FX40 cves: cve-2021-4104: investigated: false @@ -1805,10 +1809,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD BACTEC MGIT + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1826,7 +1861,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD HealthSight™ Inventory Optimization Analytics + product: BD Care Coordination Engine (CCE) cves: cve-2021-4104: investigated: false @@ -1834,10 +1869,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Cato + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1855,7 +1921,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD HealthSight™ Medication Safety + product: BD COR cves: cve-2021-4104: investigated: false @@ -1863,10 +1929,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Diabetes Care App Cloud + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1884,7 +1981,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD Knowledge Portal for BD Pyxis™ Supply + product: BD EpiCenter cves: cve-2021-4104: investigated: false @@ -1892,10 +1989,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSAria Fusion + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1913,7 +2041,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD Knowledge Portal for Infusion Technologies + product: BD FACSAria II cves: cve-2021-4104: investigated: false @@ -1921,10 +2049,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSAria III + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1942,7 +2101,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD Knowledge Portal for Medication Technologies + product: BD FACSCalibur cves: cve-2021-4104: investigated: false @@ -1950,10 +2109,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSCanto 10-color + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -1971,7 +2161,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD Synapsys™ Informatics Solution + product: BD FACSCanto 10-color clinical cves: cve-2021-4104: investigated: false @@ -1979,10 +2169,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSCanto II (w Diva 9.0) + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -2000,7 +2221,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD Veritor™ COVID At Home Solution Cloud + product: BD FACSCanto II clinical cves: cve-2021-4104: investigated: false @@ -2008,10 +2229,2081 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSCelesta + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSCount + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSDuet + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSLink + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSLyric + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSMelody + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSPresto + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSVerse + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSVia + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSymphony A1 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSymphony A3 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSymphony A5 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSymphony S6 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACS Lyse Wash Assistant + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACS Sample Prep Assistant (SPA) III + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACS Workflow Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HD Check System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight Clinical Advisor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight Data Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight Diversion Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight Infection Advisor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight Inventory Optimization Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight Medication Safety + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Intelliport + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Intelliport Medication Management System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Inventory Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Intelliport + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Kiestra InoquIA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Kiestra InoquIA+ + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Knowledge Portal for BD Pyxis Supply + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Knowledge Portal for Infusion Technologies + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Knowledge Portal for Medication Technologies + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD MAX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Phoenix 100 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Phoenix AP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Phoenix M50 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Prevue II Peripheral Vascular Access System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Probetec + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis Anesthesia Station 4000 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis Anesthesia Station ES + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis CIISafe + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis CUBIE System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis ES System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis IV Prep + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis Logistics (Pyxis Pharmogistics) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis Med Link Queue & Waste + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis MedBank + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis MedStation 4000 System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis Medstation ES + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis Order Viewer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis ParAssist + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis PARx + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis PharmoPack + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis RapidRx + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis ReadyMed + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis SupplyStation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis Tissue & Implant Management System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis Track and Deliver + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD ReadyMed + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Remote Support Services (RSS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Rhapsody Single-Cell Analysis System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Rowa Dose (Windows 7 Workstations only) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Rowa Dose (Windows 10 platform) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Rowa Pouch Packaging Systems + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Rowa ProLog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Rowa Smart + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Rowa Vmax + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Synapsys Informatics Solution + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Veritor COVID At Home Solution Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From b551c3d68a576cd8071b3cc4ed18726b4d434570 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 15 Feb 2022 11:22:06 -0500 Subject: [PATCH 247/268] Add BD products, complete --- data/cisagov_B.yml | 720 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 720 insertions(+) diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index 77aaa50..f345e3a 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -4260,6 +4260,66 @@ software: references: - '' last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Sensica Urine Output System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Site~Rite 8 Ultrasound Systems + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' - vendor: BD product: BD Synapsys Informatics Solution cves: @@ -4290,6 +4350,126 @@ software: references: - '' last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Totalys DataLink + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Totalys Multiprocessor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Totalys SlidePrep + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Veritor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' - vendor: BD product: BD Veritor COVID At Home Solution Cloud cves: @@ -4320,6 +4500,546 @@ software: references: - '' last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Viper LT + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Viper XTR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: CoreLite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: EnCor Enspire Breast Biopsy System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: EnCor Ultra Breast Biopsy System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: FlowJo Portal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: FlowJo Software + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Influx + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: LSRFortessa + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: LSRFortessa X-20 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: PleurX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: QUANTAFLO Peripheral Arterial Disease Test + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Restock Order + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: SeqGeq Software + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Sherlock 3CG Standalone Tip Confirmation Systems + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Site~Rite PICC Ultrasound Systems + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Site~Rite Prevue Plus Ultrasound Systems + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Specimen Collection Verification + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' - vendor: Beckman Coulter product: Access 2 (Immunoassay System) cves: From f9ef50ecad304ffc1347e2a11dac58813858c11e Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 15 Feb 2022 11:54:00 -0500 Subject: [PATCH 248/268] Update B products --- data/cisagov_B.yml | 85 +++++++++++++++++++++++++++++++--------------- 1 file changed, 58 insertions(+), 27 deletions(-) diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index f345e3a..0198037 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -7372,8 +7372,38 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' + - vendor: Belden + product: Hirschmann Networking Devices and Software Tools + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://hirschmann-support.belden.com/file.php/18672XKMWSCRYGG186719202C5BA4/Hirschmann_Statement_Log4j_Vulnerability_Dec2021.pdf + notes: Hirschmann is a brand of Belden. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Bender - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -7401,9 +7431,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Best Practical Request Tracker (RT) and Request Tracker for Incident Response - (RTIR) - product: '' + - vendor: Best Practical + product: Request Tracker (RT) cves: cve-2021-4104: investigated: false @@ -7411,10 +7440,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7431,8 +7461,8 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BeyondTrust - product: Privilege Management Cloud + - vendor: Best Practical + product: Request Tracker for Incident Response (RTIR) cves: cve-2021-4104: investigated: false @@ -7442,9 +7472,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - Unknown - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7456,13 +7486,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell + - https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: BeyondTrust - product: Privilege Management Reporting in BeyondInsight + product: Privilege Management Cloud cves: cve-2021-4104: investigated: false @@ -7473,7 +7503,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '21.2' + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -7492,7 +7522,7 @@ software: - '' last_updated: '2021-12-17T00:00:00' - vendor: BeyondTrust - product: Secure Remote Access appliances + product: Privilege Management Reporting in BeyondInsight cves: cve-2021-4104: investigated: false @@ -7502,9 +7532,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - Unknown + fixed_versions: + - '21.2' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -7521,8 +7551,8 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' - - vendor: BeyondTrust Bomgar - product: '' + - vendor: BeyondTrust + product: Secure Remote Access appliances cves: cve-2021-4104: investigated: false @@ -7530,10 +7560,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7545,13 +7576,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542 + - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' + last_updated: '2021-12-17T00:00:00' - vendor: BioMerieux - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -7580,7 +7611,7 @@ software: - '' last_updated: '2021-12-22T00:00:00' - vendor: BisectHosting - product: '' + product: All cves: cve-2021-4104: investigated: false From bb2490e7e121ecf8c1b1fe6af5815567a78fee4c Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 15 Feb 2022 12:04:05 -0500 Subject: [PATCH 249/268] Add BlackBerry products, etc. --- data/cisagov_B.yml | 213 ++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 199 insertions(+), 14 deletions(-) diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index 0198037..d7782e5 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -7581,6 +7581,66 @@ software: references: - '' last_updated: '2021-12-17T00:00:00' + - vendor: BigBlueButton + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/bigbluebutton/bigbluebutton/issues/13897 + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: BioJava + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/biojava/biojava/releases/tag/biojava-6.0.4 + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' - vendor: BioMerieux product: All cves: @@ -7640,7 +7700,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BitDefender - product: '' + product: GravityZone On-Prem cves: cve-2021-4104: investigated: false @@ -7648,10 +7708,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7677,9 +7738,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -7698,7 +7760,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BitRise - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -7727,7 +7789,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: Bitwarden - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -7735,10 +7797,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: investigated: false affected_versions: [] @@ -7764,10 +7827,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -7785,7 +7849,7 @@ software: - Vendor review indicated Fivetran is not vulnerable to Log4j2 last_updated: '2022-01-12T07:18:50+00:00' - vendor: Black Kite - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -7813,8 +7877,98 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BlackBerry + product: 2FA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'All' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://login.blackberry.com/sso/SSORedirect/metaAlias/idp?SAMLRequest=fZNdc6owEIb%2FCpN7JFIqlal2KKio%2BFGgar05EyCWKCRAgqK%2F%2FlA9zvT0ojuzF5l9s%2B9u5snzS52l0hGXnDDaA%2B0WBBKmEYsJ%2FeyB92AoP4GX%2FjNHWZobZiUS6uGiwlxIzT3KjWuhB6qSGgxxwg2KMswNERm%2BOXMNtQWNvGSCRSwFksk5LkVjZDHKqwyXPi6PJMLvntsDiRA5NxSFV3nOStEKUxQdQlyW51bEMqXJrKJEnJWUfRL6wlkPQvuhA68Rdi8XINnNXIQicV3l3u8q%2F9mNc6b4%2FsLDMSlxJJQMC2SmBHGFxDmQxnYP%2FFEts4mNvEhOfDSzzdPP%2FCrr9vFjMig0OBtGswiZ52H6mK9Gbtev5FnViZ2HV3dnV3lSOPvSn2YCboaeFV5Q4Yx2K%2FQ%2B1RcPUzWin0%2F7j%2FlEI1OtULfqpNnC8arkIjaD3X6%2BtlVvF8JJvQqznJlx4MfWIQuC1HJhklLH1m2vA9PHbjgSaB2K3YbND5a3X2%2BLfD48DbofVaIlfBSiLt5qS67P6pW87%2FD4SAaqfDzVzLbrQWGdhq7pkG6AdNt0k4ofMj1Zs7Jeio4%2FpuQURwMtHC%2BdGtZvRVD7Vg7jt%2Ba1OK%2FwmHKBqOgBFaqqDFW5%2FRi0dQO2DbXb0qC6BdLyHwivhN7w%2Bo2a8CbihhMES3m58AMgre6YNgJwg9K4mpffaPy9LbojCPp3QL6hkZ1bHKWY71gZ4S9QnpVvJv3b6f9%2F0P8L&RelayState=%2Fcommunity%2Fs%2Farticle%2F90708&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=ThznbsjgVwDX5E2fOcNREcaH%2FaSSD9EIp6MP3c9O9BRVFL%2BETG3n1WQKapplpISRgUkLEs2XvRpJ4%2FfEmynkr5laH4rrAIgMNL%2FauqYIGWvzbdzfp44PkOGUBkHxgo52GjhshHBPyHqJjnvzIoNyIK2zhDBQXevq9etV7wnX7SprJpHX%2B6Ivskj5wAXJzi9SiMafMvUiUFyVq9YBhzd2ZpiTyiYia%2Bdgq4Z74sUIqOyz6bn2KjCKT%2FMqeFqyYYp5JU9CnQk%2BHAH2juQU%2F8MlrGtrRRtgf6fACGMOGria0Vu1wUDwnJiSdI%2BZSzShr%2Fg6Cl9mfaKuTItwlxiqQlbx7hvHEhgg2SNqyrRnJDzpYImSeIMjgHuUy2Iaf6O6J90GdKF4%2BDkCpyXVsm%2FkZhBA6D7uo9rj8tPfE7ml6Njhm9pFZxjuicbCI%2F4Zj66aC52RlpUZwlMgS2HpXOdbILUX8H2FXnm%2FCjDHEDGv49HusCmQehes1g0LzTXXwKkC1hWOYjwWb8uxNneaR0e552R6fjRns%2B2kG04C%2B8COLbJ7v7s3WlUDGBN%2BUa%2BE5q0QNpIYmIW1daXmOx%2FXRBoBdBwWZ1b3GtaBmRiEarb4rF1DgKa9P3SdQBb1M6SvjprcyHRtai7AxnIBW1KMFWB6mETzESVSFwO5KA80co5Aau7HfhM%3D + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BlackBerry + product: Enterprise Mobility Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '2.12 and above' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://login.blackberry.com/sso/SSORedirect/metaAlias/idp?SAMLRequest=fZNdc6owEIb%2FCpN7JFIqlal2KKio%2BFGgar05EyCWKCRAgqK%2F%2FlA9zvT0ojuzF5l9s%2B9u5snzS52l0hGXnDDaA%2B0WBBKmEYsJ%2FeyB92AoP4GX%2FjNHWZobZiUS6uGiwlxIzT3KjWuhB6qSGgxxwg2KMswNERm%2BOXMNtQWNvGSCRSwFksk5LkVjZDHKqwyXPi6PJMLvntsDiRA5NxSFV3nOStEKUxQdQlyW51bEMqXJrKJEnJWUfRL6wlkPQvuhA68Rdi8XINnNXIQicV3l3u8q%2F9mNc6b4%2FsLDMSlxJJQMC2SmBHGFxDmQxnYP%2FFEts4mNvEhOfDSzzdPP%2FCrr9vFjMig0OBtGswiZ52H6mK9Gbtev5FnViZ2HV3dnV3lSOPvSn2YCboaeFV5Q4Yx2K%2FQ%2B1RcPUzWin0%2F7j%2FlEI1OtULfqpNnC8arkIjaD3X6%2BtlVvF8JJvQqznJlx4MfWIQuC1HJhklLH1m2vA9PHbjgSaB2K3YbND5a3X2%2BLfD48DbofVaIlfBSiLt5qS67P6pW87%2FD4SAaqfDzVzLbrQWGdhq7pkG6AdNt0k4ofMj1Zs7Jeio4%2FpuQURwMtHC%2BdGtZvRVD7Vg7jt%2Ba1OK%2FwmHKBqOgBFaqqDFW5%2FRi0dQO2DbXb0qC6BdLyHwivhN7w%2Bo2a8CbihhMES3m58AMgre6YNgJwg9K4mpffaPy9LbojCPp3QL6hkZ1bHKWY71gZ4S9QnpVvJv3b6f9%2F0P8L&RelayState=%2Fcommunity%2Fs%2Farticle%2F90708&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=ThznbsjgVwDX5E2fOcNREcaH%2FaSSD9EIp6MP3c9O9BRVFL%2BETG3n1WQKapplpISRgUkLEs2XvRpJ4%2FfEmynkr5laH4rrAIgMNL%2FauqYIGWvzbdzfp44PkOGUBkHxgo52GjhshHBPyHqJjnvzIoNyIK2zhDBQXevq9etV7wnX7SprJpHX%2B6Ivskj5wAXJzi9SiMafMvUiUFyVq9YBhzd2ZpiTyiYia%2Bdgq4Z74sUIqOyz6bn2KjCKT%2FMqeFqyYYp5JU9CnQk%2BHAH2juQU%2F8MlrGtrRRtgf6fACGMOGria0Vu1wUDwnJiSdI%2BZSzShr%2Fg6Cl9mfaKuTItwlxiqQlbx7hvHEhgg2SNqyrRnJDzpYImSeIMjgHuUy2Iaf6O6J90GdKF4%2BDkCpyXVsm%2FkZhBA6D7uo9rj8tPfE7ml6Njhm9pFZxjuicbCI%2F4Zj66aC52RlpUZwlMgS2HpXOdbILUX8H2FXnm%2FCjDHEDGv49HusCmQehes1g0LzTXXwKkC1hWOYjwWb8uxNneaR0e552R6fjRns%2B2kG04C%2B8COLbJ7v7s3WlUDGBN%2BUa%2BE5q0QNpIYmIW1daXmOx%2FXRBoBdBwWZ1b3GtaBmRiEarb4rF1DgKa9P3SdQBb1M6SvjprcyHRtai7AxnIBW1KMFWB6mETzESVSFwO5KA80co5Aau7HfhM%3D + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BlackBerry + product: Workspaces On-Prem Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 'All' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://login.blackberry.com/sso/SSORedirect/metaAlias/idp?SAMLRequest=fZNdc6owEIb%2FCpN7JFIqlal2KKio%2BFGgar05EyCWKCRAgqK%2F%2FlA9zvT0ojuzF5l9s%2B9u5snzS52l0hGXnDDaA%2B0WBBKmEYsJ%2FeyB92AoP4GX%2FjNHWZobZiUS6uGiwlxIzT3KjWuhB6qSGgxxwg2KMswNERm%2BOXMNtQWNvGSCRSwFksk5LkVjZDHKqwyXPi6PJMLvntsDiRA5NxSFV3nOStEKUxQdQlyW51bEMqXJrKJEnJWUfRL6wlkPQvuhA68Rdi8XINnNXIQicV3l3u8q%2F9mNc6b4%2FsLDMSlxJJQMC2SmBHGFxDmQxnYP%2FFEts4mNvEhOfDSzzdPP%2FCrr9vFjMig0OBtGswiZ52H6mK9Gbtev5FnViZ2HV3dnV3lSOPvSn2YCboaeFV5Q4Yx2K%2FQ%2B1RcPUzWin0%2F7j%2FlEI1OtULfqpNnC8arkIjaD3X6%2BtlVvF8JJvQqznJlx4MfWIQuC1HJhklLH1m2vA9PHbjgSaB2K3YbND5a3X2%2BLfD48DbofVaIlfBSiLt5qS67P6pW87%2FD4SAaqfDzVzLbrQWGdhq7pkG6AdNt0k4ofMj1Zs7Jeio4%2FpuQURwMtHC%2BdGtZvRVD7Vg7jt%2Ba1OK%2FwmHKBqOgBFaqqDFW5%2FRi0dQO2DbXb0qC6BdLyHwivhN7w%2Bo2a8CbihhMES3m58AMgre6YNgJwg9K4mpffaPy9LbojCPp3QL6hkZ1bHKWY71gZ4S9QnpVvJv3b6f9%2F0P8L&RelayState=%2Fcommunity%2Fs%2Farticle%2F90708&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=ThznbsjgVwDX5E2fOcNREcaH%2FaSSD9EIp6MP3c9O9BRVFL%2BETG3n1WQKapplpISRgUkLEs2XvRpJ4%2FfEmynkr5laH4rrAIgMNL%2FauqYIGWvzbdzfp44PkOGUBkHxgo52GjhshHBPyHqJjnvzIoNyIK2zhDBQXevq9etV7wnX7SprJpHX%2B6Ivskj5wAXJzi9SiMafMvUiUFyVq9YBhzd2ZpiTyiYia%2Bdgq4Z74sUIqOyz6bn2KjCKT%2FMqeFqyYYp5JU9CnQk%2BHAH2juQU%2F8MlrGtrRRtgf6fACGMOGria0Vu1wUDwnJiSdI%2BZSzShr%2Fg6Cl9mfaKuTItwlxiqQlbx7hvHEhgg2SNqyrRnJDzpYImSeIMjgHuUy2Iaf6O6J90GdKF4%2BDkCpyXVsm%2FkZhBA6D7uo9rj8tPfE7ml6Njhm9pFZxjuicbCI%2F4Zj66aC52RlpUZwlMgS2HpXOdbILUX8H2FXnm%2FCjDHEDGv49HusCmQehes1g0LzTXXwKkC1hWOYjwWb8uxNneaR0e552R6fjRns%2B2kG04C%2B8COLbJ7v7s3WlUDGBN%2BUa%2BE5q0QNpIYmIW1daXmOx%2FXRBoBdBwWZ1b3GtaBmRiEarb4rF1DgKa9P3SdQBb1M6SvjprcyHRtai7AxnIBW1KMFWB6mETzESVSFwO5KA80co5Aau7HfhM%3D + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Blancco - product: '' + product: All cves: cve-2021-4104: investigated: false @@ -7842,8 +7996,39 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Bluemind + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '3.5.x' + - '4.x' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://twitter.com/bluemind/status/1470379923034578946?s=20A + notes: This advisory is available to customer only and has not been reviewed by CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Blumira - product: '' + product: All cves: cve-2021-4104: investigated: false From 564b4e9ca29f578ef36cffdd8b4e179745ef6a22 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 15 Feb 2022 12:47:42 -0500 Subject: [PATCH 250/268] Add BMC products through AMI --- data/cisagov_B.yml | 2317 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 2212 insertions(+), 105 deletions(-) diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index d7782e5..5486190 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -8057,7 +8057,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Bladelogic Database Automation + product: BMC AMI Apptune for Db2 cves: cve-2021-4104: investigated: false @@ -8065,10 +8065,2021 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Backup and Recovery for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Batch Optimizer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Capacity Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Catalog Manager for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Catalog Manager for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Change Manager for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Change Manager for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Change Manager for IMS for DBCTL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Change Manager for IMS TM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Change Manager Virtual Terminal for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Check for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Command Center for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Command Center for Security + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Console Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Copy for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Cost Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Data Packer for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Database Administration for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Database Advisor for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Integrity for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Database Performance for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Datastream for Ops + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Defender for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Defender for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Defender for McAfee DAM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Defender for Ops Insight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Defender for z/Linux + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Defender for z/OS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Defender for z/OS GSIP Package + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Defender z/VM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Defender TCP/IP Receiver + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI DevOps for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Energizer for IMS Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Enterprise Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Extended Terminal Assist for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Fast Path Indexer for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Fast Path Online Analyzer for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Fast Path Online Image Copy for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Fast Path Online Reorg for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Fast Path Online Restructure for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Fast Path Recovery for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Fast Path Restart for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Large Object Management for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Load for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI LOBMaster for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Log Analyzer for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Log Master for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Message Advisor for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Online Reorg for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Automation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Automation for Capping + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops for Networks + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for CICS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for CMF + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for IMS Offline + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for IMS Online + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for IP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for JE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for MQ + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for USS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for WAS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for z/OS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor SYSPROG Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Partitioned Database Facility for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Pointer Checker for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Pool Advisor for Db2 + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8086,7 +10097,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Ops + product: BMC AMI Recover for Db2 cves: cve-2021-4104: investigated: false @@ -8094,10 +10105,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8115,7 +10127,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Products + product: BMC AMI Recovery for VSAM cves: cve-2021-4104: investigated: false @@ -8123,10 +10135,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8144,7 +10157,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware + product: BMC AMI Recovery Manager for Db2 cves: cve-2021-4104: investigated: false @@ -8152,10 +10165,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8173,7 +10187,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Automation Console + product: BMC AMI Reorg for Db2 cves: cve-2021-4104: investigated: false @@ -8181,10 +10195,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8202,7 +10217,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Business Workflows + product: BMC AMI Reorg for IMS cves: cve-2021-4104: investigated: false @@ -8210,10 +10225,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8231,7 +10247,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Client Management + product: BMC AMI Security Administrator cves: cve-2021-4104: investigated: false @@ -8239,10 +10255,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8260,7 +10277,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Cloud Cost + product: BMC AMI Security Policy Manager cves: cve-2021-4104: investigated: false @@ -8268,10 +10285,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8289,7 +10307,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Cloud Security + product: BMC AMI Security Privileged Access Manager (BMC AMI Security Breakglass) cves: cve-2021-4104: investigated: false @@ -8297,10 +10315,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8318,7 +10337,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix CMDB + product: BMC AMI Security Self Service Password Reset cves: cve-2021-4104: investigated: false @@ -8326,10 +10345,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8347,7 +10367,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Continuous Optimization + product: BMC AMI SQL Explorer for Db2 cves: cve-2021-4104: investigated: false @@ -8355,10 +10375,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8376,7 +10397,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Control-M + product: BMC AMI SQL Performance for Db2 cves: cve-2021-4104: investigated: false @@ -8384,10 +10405,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8405,7 +10427,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Digital Workplace + product: BMC AMI Stats for Db2 cves: cve-2021-4104: investigated: false @@ -8413,10 +10435,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8434,7 +10457,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Discovery + product: BMC AMI Storage cves: cve-2021-4104: investigated: false @@ -8442,10 +10465,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8463,7 +10487,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix ITSM + product: BMC AMI Unload for Db2 cves: cve-2021-4104: investigated: false @@ -8471,10 +10495,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8492,7 +10517,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Knowledge Management + product: BMC AMI Utlities for Db2 cves: cve-2021-4104: investigated: false @@ -8500,10 +10525,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8521,7 +10547,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Operations Management with AIOps + product: BMC AMI Utility Mangement for Db2 cves: cve-2021-4104: investigated: false @@ -8529,10 +10555,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8550,7 +10577,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Platform + product: BMC AMI Utility Mangemer for Db2 cves: cve-2021-4104: investigated: false @@ -8558,10 +10585,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8579,7 +10607,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix platform + product: BMC Helix Business Workflows cves: cve-2021-4104: investigated: false @@ -8587,10 +10615,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8608,7 +10637,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Remediate + product: BMC Helix Continuous Optimization - Agents cves: cve-2021-4104: investigated: false @@ -8616,10 +10645,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8637,7 +10667,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Remediate + product: BMC Helix Discovery cves: cve-2021-4104: investigated: false @@ -8645,10 +10675,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8666,7 +10697,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Remedyforce + product: BMC Helix Discovery Outpost cves: cve-2021-4104: investigated: false @@ -8674,10 +10705,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8695,7 +10727,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Virtual Agent + product: BMC Helix ITSM cves: cve-2021-4104: investigated: false @@ -8703,10 +10735,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '21.x and below' cve-2021-45046: investigated: false affected_versions: [] @@ -8724,7 +10757,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Cloud Lifecycle Management + product: BMC Helix Knowledge Management cves: cve-2021-4104: investigated: false @@ -8732,10 +10765,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8753,7 +10787,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Control-M + product: BMC Helix Platform cves: cve-2021-4104: investigated: false @@ -8761,10 +10795,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8782,7 +10817,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Footprints + product: BMC Remedy AR System cves: cve-2021-4104: investigated: false @@ -8790,10 +10825,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8811,7 +10847,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: MainView Middleware Administrator + product: BMC PATROL Agent cves: cve-2021-4104: investigated: false @@ -8819,10 +10855,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8840,7 +10877,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: MainView Middleware Monitor + product: BMC PATROL Agent (TSOM & BHOM) cves: cve-2021-4104: investigated: false @@ -8848,10 +10885,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8869,7 +10907,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Remedy ITSM (IT Service Management) + product: BMC PATROL Knowledge Modules - PATROL KM cves: cve-2021-4104: investigated: false @@ -8877,10 +10915,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: Except Sybase and Linux + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Remedy CMDB + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8898,7 +10967,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: SmartIT + product: BMC Remedy ITSM cves: cve-2021-4104: investigated: false @@ -8906,10 +10975,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8927,7 +10997,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Track-It! + product: BMC Remedy Mid-Tier cves: cve-2021-4104: investigated: false @@ -8935,10 +11005,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8956,7 +11027,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: TrueSight Automation for Networks + product: BMC Remedy SLM cves: cve-2021-4104: investigated: false @@ -8964,10 +11035,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -8985,7 +11057,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: TrueSight Automation for Servers + product: BMC Remedy SmartIT cves: cve-2021-4104: investigated: false @@ -8993,10 +11065,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9014,7 +11087,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: TrueSight Capacity Optimization + product: BMC Remedy SRM cves: cve-2021-4104: investigated: false @@ -9022,10 +11095,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9043,7 +11117,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: TrueSight Infrastructure Management + product: BMC RSSO Agent cves: cve-2021-4104: investigated: false @@ -9051,10 +11125,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9072,7 +11147,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: TrueSight Operations Management + product: BMC RSSO Auth Proxy cves: cve-2021-4104: investigated: false @@ -9080,10 +11155,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -9101,7 +11177,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: TrueSight Orchestration + product: BMC RSSO DataTransfer Tool cves: cve-2021-4104: investigated: false @@ -9109,10 +11185,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC RSSO Server + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] From fcc9340ec60ef8ff11b97456cd130569052f435f Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 15 Feb 2022 12:54:59 -0500 Subject: [PATCH 251/268] Fix whitespace --- data/cisagov_B.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index 5486190..71b5f93 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -10247,7 +10247,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Security Administrator + product: BMC AMI Security Administrator cves: cve-2021-4104: investigated: false From af151d1ad19f511cfd7a23a858a57cb91bba999f Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 15 Feb 2022 14:03:04 -0500 Subject: [PATCH 252/268] Add BMC Compuware products --- data/cisagov_B.yml | 930 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 930 insertions(+) diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index 71b5f93..fef5ea5 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -10606,6 +10606,936 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Abend-Aid + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Application Audit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware DevEnterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Enterprise Common Components (ECC) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Enterprise Services (CES) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware File-AID Data Privacy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware File-AID Data Solutions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware File-AID for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware File-AID for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware File-AID/MVS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware File-AID/RDX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Hiperstation ALL Product Offerings + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware ISPW + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware iStrobe + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Program Analyzer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Storage Backup and Recovery + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Storage Migration + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Storage Performance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Strobe + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware ThruPut Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Topaz Connect (including NXPromote) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Topaz Enterprise Data + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Topaz for Java Performance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Topaz for Total Test + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Topaz Program Analysis + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Topaz Workbench + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Topaz Xpediter/CICS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Topaz Xpediter/Code Coverage + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Topaz Xpediter/TSO and IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Topaz Xpediter/Xchange + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Topaz zAdviser + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC product: BMC Helix Business Workflows cves: From f2a38506f00284554fbf38b2b1f74c02a053c943 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 15 Feb 2022 14:11:54 -0500 Subject: [PATCH 253/268] Add BMC Defender & Digital WP products --- data/cisagov_B.yml | 390 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 390 insertions(+) diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index fef5ea5..bb611b3 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -11536,6 +11536,396 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Defender Agent Configuration Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Defender Agent for SAP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Defender Agent for Unix/Linux + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Defender Agent for Windows + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Defender App for Splunk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Defender SIEM Correlation Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Defender SIEM for Motorola + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Defender SIEM for NNT + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Defender SyslogDefender + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Defender Windows Agent for Splunk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Digital Workplace Basic (DWP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Digital Workplace Catalog (DWPC) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Digital Workplace Advanced (DWPA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC product: BMC Helix Business Workflows cves: From 953b645b659b3edac537e683b060caa86261d6a0 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 15 Feb 2022 14:20:11 -0500 Subject: [PATCH 254/268] Add BMC products through TrueSight, TSCO, etc. --- data/cisagov_B.yml | 392 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 391 insertions(+), 1 deletion(-) diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index bb611b3..e4a1941 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -12137,7 +12137,187 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Remedy AR System + product: BMC MainView Explorer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC MainView Middleware Administrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC MainView Transaction Analyzer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC MAXM Reorg for IMS with Online/Defrag Feature + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC MAXM Reorg/EP for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC MAXM Reorg/EP for IMS with Online/Defrag Feature + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Next Generation Logger (NGL) cves: cve-2021-4104: investigated: false @@ -12256,6 +12436,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Remedy AR System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC product: BMC Remedy CMDB cves: @@ -12556,6 +12766,186 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Runtime Component System (RTCS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC TrueSight Capacity Optimization + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC TrueSight Capacity Optimization - Agents + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC TrueSight Orchestration + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC TSCO for Mainframes + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC User Interface Middleware (UIM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: Bosch product: '' cves: From fe455113a67236b8ef5d17e2822c2748e4580f86 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 15 Feb 2022 16:24:40 -0500 Subject: [PATCH 255/268] Add BMC "other" products --- data/cisagov_B.yml | 2326 +++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 2168 insertions(+), 158 deletions(-) diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index e4a1941..2ff87a7 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -8056,6 +8056,186 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: 3270 SUPEROPTIMIZER/CI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: 3270 SUPEROPTIMIZER/CICS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: Application Restart Control for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: Application Restart Control for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: Application Restart Control for VSAM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Application Accelerator for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC product: BMC AMI Apptune for Db2 cves: @@ -8327,7 +8507,1837 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Change Manager for IMS TM + product: BMC AMI Change Manager for IMS TM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Change Manager Virtual Terminal for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Check for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Command Center for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Command Center for Security + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Console Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Copy for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Cost Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Data Packer for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Database Administration for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Database Advisor for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Integrity for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Database Performance for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Datastream for Ops + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Defender for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Defender for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Defender for McAfee DAM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Defender for Ops Insight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Defender for z/Linux + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Defender for z/OS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Defender for z/OS GSIP Package + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Defender z/VM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Defender TCP/IP Receiver + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI DevOps for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Energizer for IMS Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Enterprise Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Extended Terminal Assist for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Fast Path Indexer for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Fast Path Online Analyzer for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Fast Path Online Image Copy for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Fast Path Online Reorg for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Fast Path Online Restructure for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Fast Path Recovery for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Fast Path Restart for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Large Object Management for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Load for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI LOBMaster for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Log Analyzer for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Log Master for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Message Advisor for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Online Reorg for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Automation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Automation for Capping + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops for Networks + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for CICS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for CMF + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for IMS Offline + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for IMS Online + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for IP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for JE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for MQ + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for USS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for WAS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for z/OS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor SYSPROG Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Partitioned Database Facility for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Pointer Checker for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Pool Advisor for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Recover for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Recovery for VSAM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Recovery Manager for Db2 cves: cve-2021-4104: investigated: false @@ -8357,7 +10367,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Change Manager Virtual Terminal for IMS + product: BMC AMI Reorg for Db2 cves: cve-2021-4104: investigated: false @@ -8387,7 +10397,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Check for Db2 + product: BMC AMI Reorg for IMS cves: cve-2021-4104: investigated: false @@ -8417,7 +10427,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Command Center for Db2 + product: BMC AMI Security Administrator cves: cve-2021-4104: investigated: false @@ -8447,7 +10457,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Command Center for Security + product: BMC AMI Security Policy Manager cves: cve-2021-4104: investigated: false @@ -8477,7 +10487,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Console Management + product: BMC AMI Security Privileged Access Manager (BMC AMI Security Breakglass) cves: cve-2021-4104: investigated: false @@ -8507,7 +10517,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Copy for Db2 + product: BMC AMI Security Self Service Password Reset cves: cve-2021-4104: investigated: false @@ -8537,7 +10547,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Cost Management + product: BMC AMI SQL Explorer for Db2 cves: cve-2021-4104: investigated: false @@ -8567,7 +10577,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Data Packer for IMS + product: BMC AMI SQL Performance for Db2 cves: cve-2021-4104: investigated: false @@ -8597,7 +10607,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Database Administration for Db2 + product: BMC AMI Stats for Db2 cves: cve-2021-4104: investigated: false @@ -8627,7 +10637,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Database Advisor for IMS + product: BMC AMI Storage cves: cve-2021-4104: investigated: false @@ -8657,7 +10667,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Integrity for IMS + product: BMC AMI Unload for Db2 cves: cve-2021-4104: investigated: false @@ -8687,7 +10697,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Database Performance for Db2 + product: BMC AMI Utlities for Db2 cves: cve-2021-4104: investigated: false @@ -8717,7 +10727,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Datastream for Ops + product: BMC AMI Utility Mangement for Db2 cves: cve-2021-4104: investigated: false @@ -8747,7 +10757,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Defender for Db2 + product: BMC AMI Utility Mangemer for Db2 cves: cve-2021-4104: investigated: false @@ -8777,7 +10787,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Defender for IMS + product: BMC Check Plus for Db2 cves: cve-2021-4104: investigated: false @@ -8807,7 +10817,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Defender for McAfee DAM + product: BMC Client Gateway (Kaazing) cves: cve-2021-4104: investigated: false @@ -8837,7 +10847,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Defender for Ops Insight + product: BMC Compuware Abend-Aid cves: cve-2021-4104: investigated: false @@ -8867,7 +10877,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Defender for z/Linux + product: BMC Compuware Application Audit cves: cve-2021-4104: investigated: false @@ -8897,7 +10907,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Defender for z/OS + product: BMC Compuware DevEnterprise cves: cve-2021-4104: investigated: false @@ -8927,7 +10937,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Defender for z/OS GSIP Package + product: BMC Compuware Enterprise Common Components (ECC) cves: cve-2021-4104: investigated: false @@ -8957,7 +10967,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Defender z/VM + product: BMC Compuware Enterprise Services (CES) cves: cve-2021-4104: investigated: false @@ -8987,7 +10997,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Defender TCP/IP Receiver + product: BMC Compuware File-AID Data Privacy cves: cve-2021-4104: investigated: false @@ -9017,7 +11027,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI DevOps for Db2 + product: BMC Compuware File-AID Data Solutions cves: cve-2021-4104: investigated: false @@ -9047,7 +11057,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Energizer for IMS Connect + product: BMC Compuware File-AID for Db2 cves: cve-2021-4104: investigated: false @@ -9077,7 +11087,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Enterprise Connector + product: BMC Compuware File-AID for IMS cves: cve-2021-4104: investigated: false @@ -9107,7 +11117,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Extended Terminal Assist for IMS + product: BMC Compuware File-AID/MVS cves: cve-2021-4104: investigated: false @@ -9137,7 +11147,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Fast Path Indexer for IMS + product: BMC Compuware File-AID/RDX cves: cve-2021-4104: investigated: false @@ -9167,7 +11177,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Fast Path Online Analyzer for IMS + product: BMC Compuware Hiperstation ALL Product Offerings cves: cve-2021-4104: investigated: false @@ -9197,7 +11207,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Fast Path Online Image Copy for IMS + product: BMC Compuware ISPW cves: cve-2021-4104: investigated: false @@ -9227,7 +11237,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Fast Path Online Reorg for IMS + product: BMC Compuware iStrobe cves: cve-2021-4104: investigated: false @@ -9257,7 +11267,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Fast Path Online Restructure for IMS + product: BMC Compuware Program Analyzer cves: cve-2021-4104: investigated: false @@ -9287,7 +11297,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Fast Path Recovery for IMS + product: BMC Compuware Storage Backup and Recovery cves: cve-2021-4104: investigated: false @@ -9317,7 +11327,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Fast Path Restart for IMS + product: BMC Compuware Storage Migration cves: cve-2021-4104: investigated: false @@ -9347,7 +11357,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Large Object Management for Db2 + product: BMC Compuware Storage Performance cves: cve-2021-4104: investigated: false @@ -9377,7 +11387,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Load for Db2 + product: BMC Compuware Strobe cves: cve-2021-4104: investigated: false @@ -9407,7 +11417,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI LOBMaster for Db2 + product: BMC Compuware ThruPut Manager cves: cve-2021-4104: investigated: false @@ -9437,7 +11447,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Log Analyzer for IMS + product: BMC Compuware Topaz Connect (including NXPromote) cves: cve-2021-4104: investigated: false @@ -9467,7 +11477,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Log Master for Db2 + product: BMC Compuware Topaz Enterprise Data cves: cve-2021-4104: investigated: false @@ -9497,7 +11507,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Message Advisor for IMS + product: BMC Compuware Topaz for Java Performance cves: cve-2021-4104: investigated: false @@ -9527,7 +11537,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Online Reorg for IMS + product: BMC Compuware Topaz for Total Test cves: cve-2021-4104: investigated: false @@ -9557,7 +11567,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Ops Automation + product: BMC Compuware Topaz Program Analysis cves: cve-2021-4104: investigated: false @@ -9587,7 +11597,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Ops Automation for Capping + product: BMC Compuware Topaz Workbench cves: cve-2021-4104: investigated: false @@ -9617,7 +11627,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Ops for Networks + product: BMC Compuware Topaz Xpediter/CICS cves: cve-2021-4104: investigated: false @@ -9647,7 +11657,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Ops Monitor for CICS + product: BMC Compuware Topaz Xpediter/Code Coverage cves: cve-2021-4104: investigated: false @@ -9677,7 +11687,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Ops Monitor for CMF + product: BMC Compuware Topaz Xpediter/TSO and IMS cves: cve-2021-4104: investigated: false @@ -9707,7 +11717,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Ops Monitor for Db2 + product: BMC Compuware Topaz Xpediter/Xchange cves: cve-2021-4104: investigated: false @@ -9737,7 +11747,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Ops Monitor for IMS Offline + product: BMC Compuware Topaz zAdviser cves: cve-2021-4104: investigated: false @@ -9767,7 +11777,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Ops Monitor for IMS Online + product: BMC COPE for IMS cves: cve-2021-4104: investigated: false @@ -9797,7 +11807,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Ops Monitor for IP + product: BMC DASD Manger for Db2 cves: cve-2021-4104: investigated: false @@ -9827,7 +11837,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Ops Monitor for JE + product: BMC Database Recovery Management cves: cve-2021-4104: investigated: false @@ -9857,7 +11867,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Ops Monitor for MQ + product: BMC Db2 Plus Utilities cves: cve-2021-4104: investigated: false @@ -9887,7 +11897,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Ops Monitor for USS + product: BMC Defender Agent Configuration Manager cves: cve-2021-4104: investigated: false @@ -9917,7 +11927,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Ops Monitor for WAS + product: BMC Defender Agent for SAP cves: cve-2021-4104: investigated: false @@ -9947,7 +11957,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Ops Monitor for z/OS + product: BMC Defender Agent for Unix/Linux cves: cve-2021-4104: investigated: false @@ -9977,7 +11987,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Ops Monitor SYSPROG Services + product: BMC Defender Agent for Windows cves: cve-2021-4104: investigated: false @@ -10007,7 +12017,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Partitioned Database Facility for IMS + product: BMC Defender App for Splunk cves: cve-2021-4104: investigated: false @@ -10037,7 +12047,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Pointer Checker for IMS + product: BMC Defender SIEM Correlation Server cves: cve-2021-4104: investigated: false @@ -10067,7 +12077,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Pool Advisor for Db2 + product: BMC Defender SIEM for Motorola cves: cve-2021-4104: investigated: false @@ -10097,7 +12107,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Recover for Db2 + product: BMC Defender SIEM for NNT cves: cve-2021-4104: investigated: false @@ -10127,7 +12137,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Recovery for VSAM + product: BMC Defender SyslogDefender cves: cve-2021-4104: investigated: false @@ -10157,7 +12167,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Recovery Manager for Db2 + product: BMC Defender Windows Agent for Splunk cves: cve-2021-4104: investigated: false @@ -10187,7 +12197,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Reorg for Db2 + product: BMC Digital Workplace Basic (DWP) cves: cve-2021-4104: investigated: false @@ -10217,7 +12227,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Reorg for IMS + product: BMC Digital Workplace Catalog (DWPC) cves: cve-2021-4104: investigated: false @@ -10247,7 +12257,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Security Administrator + product: BMC Digital Workplace Advanced (DWPA) cves: cve-2021-4104: investigated: false @@ -10277,7 +12287,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Security Policy Manager + product: BMC Discovery for z/OS cves: cve-2021-4104: investigated: false @@ -10307,7 +12317,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Security Privileged Access Manager (BMC AMI Security Breakglass) + product: BMC Helix Business Workflows cves: cve-2021-4104: investigated: false @@ -10337,7 +12347,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Security Self Service Password Reset + product: BMC Helix Continuous Optimization - Agents cves: cve-2021-4104: investigated: false @@ -10367,7 +12377,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI SQL Explorer for Db2 + product: BMC Helix Discovery cves: cve-2021-4104: investigated: false @@ -10397,7 +12407,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI SQL Performance for Db2 + product: BMC Helix Discovery Outpost cves: cve-2021-4104: investigated: false @@ -10427,7 +12437,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Stats for Db2 + product: BMC Helix ITSM cves: cve-2021-4104: investigated: false @@ -10439,7 +12449,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - '21.x and below' cve-2021-45046: investigated: false affected_versions: [] @@ -10457,7 +12467,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Storage + product: BMC Helix Knowledge Management cves: cve-2021-4104: investigated: false @@ -10487,7 +12497,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Unload for Db2 + product: BMC Helix Platform cves: cve-2021-4104: investigated: false @@ -10517,7 +12527,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Utlities for Db2 + product: BMC License Usage Collection Utility cves: cve-2021-4104: investigated: false @@ -10547,7 +12557,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Utility Mangement for Db2 + product: BMC LOADPLUS for Db2 cves: cve-2021-4104: investigated: false @@ -10577,7 +12587,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Utility Mangemer for Db2 + product: BMC MainView Explorer cves: cve-2021-4104: investigated: false @@ -10607,7 +12617,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware Abend-Aid + product: BMC MainView Middleware Administrator cves: cve-2021-4104: investigated: false @@ -10637,7 +12647,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware Application Audit + product: BMC MainView Transaction Analyzer cves: cve-2021-4104: investigated: false @@ -10667,7 +12677,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware DevEnterprise + product: BMC MainView Vistapoint & Energizer cves: cve-2021-4104: investigated: false @@ -10697,7 +12707,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware Enterprise Common Components (ECC) + product: BMC MAXM Reorg for IMS with Online/Defrag Feature cves: cve-2021-4104: investigated: false @@ -10727,7 +12737,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware Enterprise Services (CES) + product: BMC MAXM Reorg/EP for IMS cves: cve-2021-4104: investigated: false @@ -10757,7 +12767,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware File-AID Data Privacy + product: BMC MAXM Reorg/EP for IMS with Online/Defrag Feature cves: cve-2021-4104: investigated: false @@ -10787,7 +12797,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware File-AID Data Solutions + product: BMC Next Generation Logger (NGL) cves: cve-2021-4104: investigated: false @@ -10817,7 +12827,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware File-AID for Db2 + product: BMC Opertune for Db2 cves: cve-2021-4104: investigated: false @@ -10847,7 +12857,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware File-AID for IMS + product: BMC PATROL Agent cves: cve-2021-4104: investigated: false @@ -10877,7 +12887,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware File-AID/MVS + product: BMC PATROL Agent (TSOM & BHOM) cves: cve-2021-4104: investigated: false @@ -10907,7 +12917,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware File-AID/RDX + product: BMC PATROL Knowledge Modules - PATROL KM cves: cve-2021-4104: investigated: false @@ -10932,12 +12942,12 @@ software: unaffected_versions: [] vendor_links: - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' + notes: Except Sybase and Linux references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware Hiperstation ALL Product Offerings + product: BMC Plus Utilities cves: cve-2021-4104: investigated: false @@ -10967,7 +12977,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware ISPW + product: BMC Remedy AR System cves: cve-2021-4104: investigated: false @@ -10997,7 +13007,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware iStrobe + product: BMC Remedy CMDB cves: cve-2021-4104: investigated: false @@ -11027,7 +13037,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware Program Analyzer + product: BMC Remedy ITSM cves: cve-2021-4104: investigated: false @@ -11057,7 +13067,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware Storage Backup and Recovery + product: BMC Remedy Mid-Tier cves: cve-2021-4104: investigated: false @@ -11087,7 +13097,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware Storage Migration + product: BMC Remedy SLM cves: cve-2021-4104: investigated: false @@ -11117,7 +13127,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware Storage Performance + product: BMC Remedy SmartIT cves: cve-2021-4104: investigated: false @@ -11147,7 +13157,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware Strobe + product: BMC Remedy SRM cves: cve-2021-4104: investigated: false @@ -11177,7 +13187,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware ThruPut Manager + product: BMC Reorg Plus for Db2 cves: cve-2021-4104: investigated: false @@ -11207,7 +13217,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware Topaz Connect (including NXPromote) + product: BMC RSSO Agent cves: cve-2021-4104: investigated: false @@ -11237,7 +13247,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware Topaz Enterprise Data + product: BMC RSSO Auth Proxy cves: cve-2021-4104: investigated: false @@ -11267,7 +13277,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware Topaz for Java Performance + product: BMC RSSO DataTransfer Tool cves: cve-2021-4104: investigated: false @@ -11297,7 +13307,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware Topaz for Total Test + product: BMC RSSO Server cves: cve-2021-4104: investigated: false @@ -11327,7 +13337,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware Topaz Program Analysis + product: BMC Runtime Component System (RTCS) cves: cve-2021-4104: investigated: false @@ -11357,7 +13367,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware Topaz Workbench + product: BMC TrueSight Capacity Optimization cves: cve-2021-4104: investigated: false @@ -11387,7 +13397,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware Topaz Xpediter/CICS + product: BMC TrueSight Capacity Optimization - Agents cves: cve-2021-4104: investigated: false @@ -11417,7 +13427,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware Topaz Xpediter/Code Coverage + product: BMC TrueSight Orchestration cves: cve-2021-4104: investigated: false @@ -11447,7 +13457,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware Topaz Xpediter/TSO and IMS + product: BMC TSCO for Mainframes cves: cve-2021-4104: investigated: false @@ -11477,7 +13487,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware Topaz Xpediter/Xchange + product: BMC Unload Plus for Db2 cves: cve-2021-4104: investigated: false @@ -11507,7 +13517,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware Topaz zAdviser + product: BMC User Interface Middleware (UIM) cves: cve-2021-4104: investigated: false @@ -11537,7 +13547,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Defender Agent Configuration Manager + product: Change Accumulation Plus cves: cve-2021-4104: investigated: false @@ -11567,7 +13577,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Defender Agent for SAP + product: Concurrent Reorg Facility cves: cve-2021-4104: investigated: false @@ -11597,7 +13607,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Defender Agent for Unix/Linux + product: Conditional Image Copy cves: cve-2021-4104: investigated: false @@ -11627,7 +13637,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Defender Agent for Windows + product: DASD Manager Plus for Db2 cves: cve-2021-4104: investigated: false @@ -11657,7 +13667,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Defender App for Splunk + product: Data Accelerator Compression cves: cve-2021-4104: investigated: false @@ -11687,7 +13697,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Defender SIEM Correlation Server + product: Delta IMS DB/DC cves: cve-2021-4104: investigated: false @@ -11717,7 +13727,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Defender SIEM for Motorola + product: Delta IMS Virtual Terminal cves: cve-2021-4104: investigated: false @@ -11747,7 +13757,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Defender SIEM for NNT + product: ExceptionReporter cves: cve-2021-4104: investigated: false @@ -11777,7 +13787,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Defender SyslogDefender + product: Extended Buffer Manager cves: cve-2021-4104: investigated: false @@ -11807,7 +13817,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Defender Windows Agent for Splunk + product: Fast Path Analyzer/EP cves: cve-2021-4104: investigated: false @@ -11837,7 +13847,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Digital Workplace Basic (DWP) + product: Fast Path Facility cves: cve-2021-4104: investigated: false @@ -11867,7 +13877,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Digital Workplace Catalog (DWPC) + product: Fast Path Facility/EP cves: cve-2021-4104: investigated: false @@ -11897,7 +13907,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Digital Workplace Advanced (DWPA) + product: Fast Path Reorg/EP cves: cve-2021-4104: investigated: false @@ -11927,7 +13937,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Business Workflows + product: FASTCPK cves: cve-2021-4104: investigated: false @@ -11957,7 +13967,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Continuous Optimization - Agents + product: FASTCOPY cves: cve-2021-4104: investigated: false @@ -11987,7 +13997,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Discovery + product: FDR cves: cve-2021-4104: investigated: false @@ -12017,7 +14027,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Discovery Outpost + product: FDR/UPSTREAM cves: cve-2021-4104: investigated: false @@ -12047,7 +14057,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix ITSM + product: FDRABR cves: cve-2021-4104: investigated: false @@ -12059,7 +14069,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '21.x and below' + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12077,7 +14087,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Knowledge Management + product: FDRERASE cves: cve-2021-4104: investigated: false @@ -12107,7 +14117,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Platform + product: FDRMOVE cves: cve-2021-4104: investigated: false @@ -12137,7 +14147,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC MainView Explorer + product: FDRPAS cves: cve-2021-4104: investigated: false @@ -12167,7 +14177,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC MainView Middleware Administrator + product: FDRPASVM cves: cve-2021-4104: investigated: false @@ -12197,7 +14207,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC MainView Transaction Analyzer + product: FDRREORG cves: cve-2021-4104: investigated: false @@ -12227,7 +14237,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC MAXM Reorg for IMS with Online/Defrag Feature + product: Footprints cves: cve-2021-4104: investigated: false @@ -12257,7 +14267,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC MAXM Reorg/EP for IMS + product: IAM cves: cve-2021-4104: investigated: false @@ -12287,7 +14297,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC MAXM Reorg/EP for IMS with Online/Defrag Feature + product: Image Copy Plus cves: cve-2021-4104: investigated: false @@ -12317,7 +14327,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Next Generation Logger (NGL) + product: LOADPLUS for IMS cves: cve-2021-4104: investigated: false @@ -12347,7 +14357,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC PATROL Agent + product: LOADPLUS/EP for IMS cves: cve-2021-4104: investigated: false @@ -12377,7 +14387,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC PATROL Agent (TSOM & BHOM) + product: Local Copy Plus cves: cve-2021-4104: investigated: false @@ -12407,7 +14417,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC PATROL Knowledge Modules - PATROL KM + product: Prefix Resolution Plus cves: cve-2021-4104: investigated: false @@ -12432,12 +14442,12 @@ software: unaffected_versions: [] vendor_links: - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: Except Sybase and Linux + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Remedy AR System + product: Prefix Update for IMS cves: cve-2021-4104: investigated: false @@ -12467,7 +14477,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Remedy CMDB + product: Recovery Advisor for IMS cves: cve-2021-4104: investigated: false @@ -12497,7 +14507,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Remedy ITSM + product: Recovery Manager for IMS cves: cve-2021-4104: investigated: false @@ -12527,7 +14537,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Remedy Mid-Tier + product: Recovery Plus for IMS cves: cve-2021-4104: investigated: false @@ -12557,7 +14567,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Remedy SLM + product: Release Process Management cves: cve-2021-4104: investigated: false @@ -12587,7 +14597,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Remedy SmartIT + product: Release Package and Deployment cves: cve-2021-4104: investigated: false @@ -12617,7 +14627,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Remedy SRM + product: Resident Security Server cves: cve-2021-4104: investigated: false @@ -12647,7 +14657,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC RSSO Agent + product: Secondary Index Utility cves: cve-2021-4104: investigated: false @@ -12677,7 +14687,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC RSSO Auth Proxy + product: Secondary Index Utility/EP cves: cve-2021-4104: investigated: false @@ -12707,7 +14717,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC RSSO DataTransfer Tool + product: Snapshot Upgrade Feature cves: cve-2021-4104: investigated: false @@ -12737,7 +14747,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC RSSO Server + product: Track-It! cves: cve-2021-4104: investigated: false @@ -12767,7 +14777,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Runtime Component System (RTCS) + product: ULTRAOPT/CICS cves: cve-2021-4104: investigated: false @@ -12797,7 +14807,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC TrueSight Capacity Optimization + product: ULTRAOPT/IMS cves: cve-2021-4104: investigated: false @@ -12827,7 +14837,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC TrueSight Capacity Optimization - Agents + product: UNLOAD PLUS for IMS cves: cve-2021-4104: investigated: false @@ -12857,7 +14867,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC TrueSight Orchestration + product: UNLOAD PLUS/EP for IMS cves: cve-2021-4104: investigated: false @@ -12887,7 +14897,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC TSCO for Mainframes + product: UXF for IMS (non product) cves: cve-2021-4104: investigated: false @@ -12917,7 +14927,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC User Interface Middleware (UIM) + product: zDetect cves: cve-2021-4104: investigated: false From cc0e645afc0056a5d0ac369d5950b778d675016e Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 15 Feb 2022 16:47:14 -0500 Subject: [PATCH 256/268] Add BMC products, complete --- data/cisagov_B.yml | 1038 +++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 969 insertions(+), 69 deletions(-) diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index 2ff87a7..0094764 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -8206,6 +8206,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: Bladelogic Database Automation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC product: BMC Application Accelerator for IMS cves: @@ -9796,6 +9826,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Common Rest API (CRA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC product: BMC AMI Ops for Networks cves: @@ -9826,6 +9886,66 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Infrastructure (MVI) - CRA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Insight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC product: BMC AMI Ops Monitor for CICS cves: @@ -10186,6 +10306,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops UI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC product: BMC AMI Partitioned Database Facility for IMS cves: @@ -10846,6 +10996,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Client Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC product: BMC Compuware Abend-Aid cves: @@ -12287,7 +12467,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Discovery for z/OS + product: BMC Discovery cves: cve-2021-4104: investigated: false @@ -12297,9 +12477,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -12317,7 +12497,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Business Workflows + product: BMC Discovery for z/OS cves: cve-2021-4104: investigated: false @@ -12347,7 +12527,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Continuous Optimization - Agents + product: BMC Helix Business Workflows cves: cve-2021-4104: investigated: false @@ -12377,7 +12557,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Discovery + product: BMC Helix Continuous Optimization (REE) cves: cve-2021-4104: investigated: false @@ -12387,9 +12567,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -12407,7 +12587,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Discovery Outpost + product: BMC Helix Continuous Optimization - Agents cves: cve-2021-4104: investigated: false @@ -12437,7 +12617,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix ITSM + product: BMC Helix Data Manager cves: cve-2021-4104: investigated: false @@ -12447,9 +12627,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '21.x and below' + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -12467,7 +12647,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Knowledge Management + product: BMC Helix Discovery cves: cve-2021-4104: investigated: false @@ -12497,7 +12677,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Platform + product: BMC Helix Discovery Outpost cves: cve-2021-4104: investigated: false @@ -12527,7 +12707,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC License Usage Collection Utility + product: BMC Helix ITSM cves: cve-2021-4104: investigated: false @@ -12539,7 +12719,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - '21.x and below' cve-2021-45046: investigated: false affected_versions: [] @@ -12557,7 +12737,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC LOADPLUS for Db2 + product: BMC Helix ITSM cves: cve-2021-4104: investigated: false @@ -12567,9 +12747,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' + fixed_versions: + - '21.x' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -12587,7 +12767,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC MainView Explorer + product: BMC Helix Knowledge Management cves: cve-2021-4104: investigated: false @@ -12617,7 +12797,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC MainView Middleware Administrator + product: BMC Helix Platform cves: cve-2021-4104: investigated: false @@ -12647,7 +12827,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC MainView Transaction Analyzer + product: BMC License Usage Collection Utility cves: cve-2021-4104: investigated: false @@ -12677,7 +12857,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC MainView Vistapoint & Energizer + product: BMC LOADPLUS for Db2 cves: cve-2021-4104: investigated: false @@ -12707,7 +12887,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC MAXM Reorg for IMS with Online/Defrag Feature + product: BMC MainView Explorer cves: cve-2021-4104: investigated: false @@ -12737,7 +12917,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC MAXM Reorg/EP for IMS + product: BMC MainView Middleware Administrator cves: cve-2021-4104: investigated: false @@ -12767,7 +12947,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC MAXM Reorg/EP for IMS with Online/Defrag Feature + product: BMC MainView Middleware Monitor cves: cve-2021-4104: investigated: false @@ -12777,9 +12957,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -12797,7 +12977,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Next Generation Logger (NGL) + product: BMC MainView Transaction Analyzer cves: cve-2021-4104: investigated: false @@ -12827,7 +13007,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Opertune for Db2 + product: BMC MainView Vistapoint & Energizer cves: cve-2021-4104: investigated: false @@ -12857,7 +13037,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC PATROL Agent + product: BMC MAXM Reorg for IMS with Online/Defrag Feature cves: cve-2021-4104: investigated: false @@ -12887,7 +13067,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC PATROL Agent (TSOM & BHOM) + product: BMC MAXM Reorg/EP for IMS cves: cve-2021-4104: investigated: false @@ -12917,7 +13097,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC PATROL Knowledge Modules - PATROL KM + product: BMC MAXM Reorg/EP for IMS with Online/Defrag Feature cves: cve-2021-4104: investigated: false @@ -12942,12 +13122,12 @@ software: unaffected_versions: [] vendor_links: - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: Except Sybase and Linux + notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Plus Utilities + product: BMC Next Generation Logger (NGL) cves: cve-2021-4104: investigated: false @@ -12977,7 +13157,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Remedy AR System + product: BMC Opertune for Db2 cves: cve-2021-4104: investigated: false @@ -13007,7 +13187,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Remedy CMDB + product: BMC PATROL Agent cves: cve-2021-4104: investigated: false @@ -13037,7 +13217,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Remedy ITSM + product: BMC PATROL Agent (TSOM & BHOM) cves: cve-2021-4104: investigated: false @@ -13067,7 +13247,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Remedy Mid-Tier + product: BMC PATROL for Sybase cves: cve-2021-4104: investigated: false @@ -13077,9 +13257,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -13097,7 +13277,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Remedy SLM + product: BMC PATROL for Linux KM cves: cve-2021-4104: investigated: false @@ -13107,7 +13287,487 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC PATROL Knowledge Modules - PATROL KM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: Except Sybase and Linux + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Plus Utilities + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Remedy AR System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Remedy CMDB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Remedy ITSM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Remedy Mid-Tier + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Remedy SLM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Remedy Smart Reporting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Remedy SmartIT + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Remedy SRM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Reorg Plus for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC RSSO Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC RSSO Auth Proxy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC RSSO DataTransfer Tool + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC RSSO Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Runtime Component System (RTCS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] unaffected_versions: - '' cve-2021-45046: @@ -13127,7 +13787,37 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Remedy SmartIT + product: BMC TrueSight Automation Console + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC TrueSight Automation for Networks cves: cve-2021-4104: investigated: false @@ -13137,9 +13827,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -13157,7 +13847,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Remedy SRM + product: BMC TrueSight Automation for Servers - Data Wharehouse cves: cve-2021-4104: investigated: false @@ -13167,9 +13857,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -13187,7 +13877,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Reorg Plus for Db2 + product: BMC TrueSight Capacity Optimization cves: cve-2021-4104: investigated: false @@ -13217,7 +13907,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC RSSO Agent + product: BMC TrueSight Capacity Optimization - Agents cves: cve-2021-4104: investigated: false @@ -13247,7 +13937,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC RSSO Auth Proxy + product: BMC TrueSight Operations Management - App Visibility Manager cves: cve-2021-4104: investigated: false @@ -13257,9 +13947,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -13277,7 +13967,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC RSSO DataTransfer Tool + product: BMC TrueSight Operations Management - Infrastructure Management cves: cve-2021-4104: investigated: false @@ -13287,9 +13977,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -13307,7 +13997,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC RSSO Server + product: BMC TrueSight Operations Management - IT Data Analytics cves: cve-2021-4104: investigated: false @@ -13317,9 +14007,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -13337,7 +14027,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Runtime Component System (RTCS) + product: BMC TrueSight Operations Management - Presenttion Server cves: cve-2021-4104: investigated: false @@ -13347,9 +14037,39 @@ software: cve-2021-44228: investigated: true affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] fixed_versions: [] - unaffected_versions: + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC TrueSight Operations Management Reporting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -13367,7 +14087,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC TrueSight Capacity Optimization + product: BMC TrueSight Orchestration cves: cve-2021-4104: investigated: false @@ -13397,7 +14117,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC TrueSight Capacity Optimization - Agents + product: BMC TrueSight Server Automation cves: cve-2021-4104: investigated: false @@ -13407,9 +14127,39 @@ software: cve-2021-44228: investigated: true affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] fixed_versions: [] - unaffected_versions: + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC TrueSight Smart Reporting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -13427,7 +14177,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC TrueSight Orchestration + product: BMC TrueSight Smart Reporting Platform cves: cve-2021-4104: investigated: false @@ -13437,9 +14187,39 @@ software: cve-2021-44228: investigated: true affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] fixed_versions: [] - unaffected_versions: + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC TrueSight Vulnerability Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -13636,6 +14416,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: Control-M + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC product: DASD Manager Plus for Db2 cves: @@ -14416,6 +15226,96 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: Partner KMs Hardware Sentry Open Telemetry Collector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: Partner KMs Storage All-in-One ETL for BMC Truesight Capacity Optimization + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: Partner KMs Storage Analyzer for PATROL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC product: Prefix Resolution Plus cves: From c4139f3296b960f955040681137039a49883657f Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Tue, 15 Feb 2022 21:59:33 +0000 Subject: [PATCH 257/268] Update the software list --- SOFTWARE-LIST.md | 526 +- data/cisagov.yml | 12704 ++++++++++++++++++++++++++++++++++++++++--- data/cisagov_B.yml | 246 +- 3 files changed, 12543 insertions(+), 933 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index a9552e2..2edd23e 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -373,32 +373,174 @@ NOTE: This file is automatically generated. To submit updates, please refer to | AXON | All | | | Unknown | [link](https://my.axon.com/s/trust/response-to-log4j2-vuln?language=en_US) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | AXS Guard | All | | | Unknown | [link](https://www.axsguard.com/en_US/blog/security-news-4/log4j-vulnerability-77) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Axways Applications | All | | | Unknown | [link](https://support.axway.com/news/1331/lang/en) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| B&R Industrial Automation | APROL | | | Unknown | [link](https://www.br-automation.com/downloads_br_productcatalogue/assets/1639507581859-en-original-1.0.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | -| BackBox | | | | Unknown | [link](https://updates.backbox.com/V6.5/Docs/CVE-2021-44228.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Balbix | | | | Unknown | [link](https://www.balbix.com/blog/broad-exposure-to-log4shell-cve-2021-44228-highlights-how-the-attack-surface-has-exploded/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Baramundi Products | | | | Unknown | [link](https://forum.baramundi.com/index.php?threads/baramundi-produkte-von-log4shell-schwachstelle-in-log4j-nicht-betroffen.12539/#post-62875) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Barco | | | | Unknown | [link](https://www.barco.com/en/support/knowledge-base/kb12495) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Barracuda | | | | Unknown | [link](https://www.barracuda.com/company/legal/trust-center) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Baxter | | | | Unknown | [link](https://www.baxter.com/sites/g/files/ebysai746/files/2021-12/Apache_Log4j_Vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | APEX® Compounder | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | -| BBraun | DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software | | All | Fixed | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | -| BBraun | Outlook® Safety Infusion System Pump family | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | -| BBraun | Pinnacle® Compounder | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | -| BBraun | Pump, SpaceStation, and Space® Wireless Battery) | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | -| BBraun | Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® Space® Infusion | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | -| BD | Arctic Sun™ Analytics | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Diabetes Care App Cloud | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD HealthSight™ Clinical Advisor | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD HealthSight™ Data Manager | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD HealthSight™ Diversion Management | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD HealthSight™ Infection Advisor | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD HealthSight™ Inventory Optimization Analytics | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD HealthSight™ Medication Safety | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Knowledge Portal for BD Pyxis™ Supply | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Knowledge Portal for Infusion Technologies | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Knowledge Portal for Medication Technologies | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Synapsys™ Informatics Solution | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Veritor™ COVID At Home Solution Cloud | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| B&R Industrial Automation | APROL | | | Not Affected | [link](https://www.br-automation.com/downloads_br_productcatalogue/assets/1639507581859-en-original-1.0.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 | +| Backblaze | Cloud | | | Fixed | [link](https://help.backblaze.com/hc/en-us/articles/4412580603419) | Cloud service patched. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BackBox | All | | | Unknown | [link](https://updates.backbox.com/V6.5/Docs/CVE-2021-44228.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Balbix | All | | | Unknown | [link](https://www.balbix.com/blog/broad-exposure-to-log4shell-cve-2021-44228-highlights-how-the-attack-surface-has-exploded/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Baramundi Products | All | | | Unknown | [link](https://forum.baramundi.com/index.php?threads/baramundi-produkte-von-log4shell-schwachstelle-in-log4j-nicht-betroffen.12539/#post-62875) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Barco | Demetra | | | Not Affected | [link](https://www.barco.com/en/support/knowledge-base/kb12495) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Barco | Demetra | | | Not Affected | [link](https://www.barco.com/en/support/knowledge-base/kb12495) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Barco | Green Barco Wall Control Manager (gBCM) | | | Not Affected | [link](https://www.barco.com/en/support/knowledge-base/kb12495) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Barco | MediCal QAWeb | | | Not Affected | [link](https://www.barco.com/en/support/knowledge-base/kb12495) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Barco | NexxisOR | | | Not Affected | [link](https://www.barco.com/en/support/knowledge-base/kb12495) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Barco | OpSpace | | 1.8 - 1.9.4.1 | Fixed | [link](https://www.barco.com/en/support/knowledge-base/kb12495) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Barco | Transform N (TFN) | | | Not Affected | [link](https://www.barco.com/en/support/knowledge-base/kb12495) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Barracuda | All | | | Unknown | [link](https://www.barracuda.com/company/legal/trust-center) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Basis Technology | Autopsy | | 4.18.0 onwards | Fixed | [link](https://www.autopsy.com/autopsy-and-log4j-vulnerability/) | version 4.18.0 onwards use Apache Solr 8. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Baxter | All | | | Unknown | [link](https://www.baxter.com/sites/g/files/ebysai746/files/2021-12/Apache_Log4j_Vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BBraun | APEX Compounder | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | DoseTrac Server, DoseLink Server, and Space® Online Suite Server software | | All | Fixed | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | Outlook Safety Infusion System Pump family | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | Pinnacle Compounder | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | Pump, SpaceStation, and Space Wireless Battery | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | Space Infusion Pump family (Infusomat Space Infusion Pump, Perfusor Space Infusion | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BCT | BerichtenCentrale (BCE) & Integrations | | | Not Affected | [link](https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BCT | CORSA | | | Not Affected | [link](https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BCT | e-Invoice | | 2.10.210 | Fixed | [link](https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BCT | IDT | | | Not Affected | [link](https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BCT | iGEN | | | Not Affected | [link](https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BCT | LIBER | | 1.125.3 | Fixed | [link](https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | Alaris CC Plus Guardrails Syringe Pump | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | Alaris CC Plus Syringe Pump | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | Alaris Enteral Plus Syringe Pump | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | Alaris Gateway Workstation | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | Alaris GP Plus Guardrails Volumetric Pump | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | Alaris GP Plus Volumetric Pump | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | Alaris PK Plus Syringe Pump | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | Alaris Technical Utility (ATU) | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | Alaris TiVA Syringe Pump | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | Alaris VP Plus Guardrails Volumetric Pump | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Accuri C6 Plus | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Action Manager | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Alaris Auto-ID Module Model | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Alaris Communications Engine | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Alaris CQI Event Reporter | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Alaris Guardrails Editor | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Alaris Infusion Central | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Alaris neXus CC Syringe Pump | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Alaris neXus Editor v5.0 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Alaris neXus GP Volumetric Pump | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Alaris PCA Module Model 8120 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Alaris Plus Editor | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Alaris Point-of-Care Software | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Alaris Point-of-Care Unit (PCU) Model 8015 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Alaris Pump Module Model 8100 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Alaris Syringe Module Model 8110 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Alaris System Mainetnance | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Alaris Systems Manager | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Arctic Sun Analytics | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD BACTEC 9050 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD BACTEC 9120 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD BACTEC 9240 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD BACTEC FX | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD BACTEC FX40 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD BACTEC MGIT | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Care Coordination Engine (CCE) | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Cato | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD COR | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Diabetes Care App Cloud | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD EpiCenter | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD FACS Lyse Wash Assistant | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD FACS Sample Prep Assistant (SPA) III | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD FACS Workflow Manager | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD FACSAria Fusion | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD FACSAria II | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD FACSAria III | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD FACSCalibur | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD FACSCanto 10-color | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD FACSCanto 10-color clinical | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD FACSCanto II (w Diva 9.0) | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD FACSCanto II clinical | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD FACSCelesta | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD FACSCount | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD FACSDuet | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD FACSLink | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD FACSLyric | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD FACSMelody | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD FACSPresto | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD FACSVerse | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD FACSVia | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD FACSymphony A1 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD FACSymphony A3 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD FACSymphony A5 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD FACSymphony S6 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD HD Check System | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD HealthSight Clinical Advisor | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD HealthSight Data Manager | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD HealthSight Diversion Management | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD HealthSight Infection Advisor | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD HealthSight Inventory Optimization Analytics | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD HealthSight Medication Safety | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Intelliport | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Intelliport | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Intelliport Medication Management System | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Inventory Connect | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Kiestra InoquIA | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Kiestra InoquIA+ | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Knowledge Portal for BD Pyxis Supply | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Knowledge Portal for Infusion Technologies | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Knowledge Portal for Medication Technologies | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD MAX | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Phoenix 100 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Phoenix AP | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Phoenix M50 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Prevue II Peripheral Vascular Access System | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Probetec | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Pyxis Anesthesia Station 4000 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Pyxis Anesthesia Station ES | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Pyxis CIISafe | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Pyxis CUBIE System | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Pyxis ES System | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Pyxis IV Prep | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Pyxis Logistics (Pyxis Pharmogistics) | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Pyxis Med Link Queue & Waste | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Pyxis MedBank | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Pyxis MedStation 4000 System | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Pyxis Medstation ES | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Pyxis Order Viewer | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Pyxis ParAssist | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Pyxis PARx | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Pyxis PharmoPack | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Pyxis RapidRx | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Pyxis ReadyMed | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Pyxis SupplyStation | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Pyxis Tissue & Implant Management System | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Pyxis Track and Deliver | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD ReadyMed | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Remote Support Services (RSS) | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Rhapsody Single-Cell Analysis System | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Rowa Dose (Windows 10 platform) | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Rowa Dose (Windows 7 Workstations only) | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Rowa Pouch Packaging Systems | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Rowa ProLog | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Rowa Smart | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Rowa Vmax | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Sensica Urine Output System | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Site~Rite 8 Ultrasound Systems | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Synapsys Informatics Solution | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Totalys DataLink | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Totalys Multiprocessor | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Totalys SlidePrep | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Veritor | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Veritor COVID At Home Solution Cloud | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Viper LT | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Viper XTR | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | CoreLite | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | EnCor Enspire Breast Biopsy System | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | EnCor Ultra Breast Biopsy System | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | FlowJo Portal | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | FlowJo Software | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | Influx | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | LSRFortessa | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | LSRFortessa X-20 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | PleurX | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | QUANTAFLO Peripheral Arterial Disease Test | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | Restock Order | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | SeqGeq Software | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | Sherlock 3CG Standalone Tip Confirmation Systems | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | Site~Rite PICC Ultrasound Systems | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | Site~Rite Prevue Plus Ultrasound Systems | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | Specimen Collection Verification | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | Beckman Coulter | Access 2 (Immunoassay System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | | Beckman Coulter | Ac•T 5diff (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | | Beckman Coulter | Ac•T Family (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | @@ -477,59 +619,289 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Beijer Electronics | Nexto modular PLC | | | Unknown | [link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Beijer Electronics | Nexto Xpress compact controller | | | Unknown | [link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Beijer Electronics | WARP Engineering Studio | | | Unknown | [link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Bender | | | | Unknown | [link](https://www.bender.de/en/cert) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Best Practical Request Tracker (RT) and Request Tracker for Incident Response (RTIR) | | | | Unknown | [link](https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BeyondTrust | Privilege Management Cloud | | Unknown | Fixed | [link](https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Belden | Hirschmann Networking Devices and Software Tools | | | Not Affected | [link](https://hirschmann-support.belden.com/file.php/18672XKMWSCRYGG186719202C5BA4/Hirschmann_Statement_Log4j_Vulnerability_Dec2021.pdf) | Hirschmann is a brand of Belden. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Bender | All | | | Unknown | [link](https://www.bender.de/en/cert) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Best Practical | Request Tracker (RT) | | | Not Affected | [link](https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Best Practical | Request Tracker for Incident Response (RTIR) | | | Not Affected | [link](https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BeyondTrust | Privilege Management Cloud | | | Fixed | [link](https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | BeyondTrust | Privilege Management Reporting in BeyondInsight | | 21.2 | Fixed | [link](https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | BeyondTrust | Secure Remote Access appliances | | | Not Affected | [link](https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| BeyondTrust Bomgar | | | | Unknown | [link](https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BioMerieux | | | | Unknown | [link](https://www.biomerieux.com/en/cybersecurity-data-privacy) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| BisectHosting | | | | Unknown | [link](https://www.bisecthosting.com/clients/index.php?rp=/knowledgebase/205/Java-Log4j-Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BitDefender | | | | Unknown | [link](https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BitNami By VMware | | | | Unknown | [link](https://docs.bitnami.com/general/security/security-2021-12-10/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BitRise | | | | Unknown | [link](https://blog.bitrise.io/post/bitrises-response-to-log4j-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Bitwarden | | | | Unknown | [link](https://community.bitwarden.com/t/log4j-log4shell-cve-is-bitwarden-affected-due-to-docker-image/36177/2) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Biztory | Fivetran | | | Unknown | [link](https://www.biztory.com/blog/apache-log4j2-vulnerability) | | Vendor review indicated Fivetran is not vulnerable to Log4j2 | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Black Kite | | | | Unknown | [link](https://blackkite.com/log4j-rce-vulnerability-log4shell-puts-millions-at-risk/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Blancco | | | | Unknown | [link](https://support.blancco.com/display/NEWS/2021/12/12/CVE-2021-44228+-+Critical+vulnerability+in+Apache+Log4j+library) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Blumira | | | | Unknown | [link](https://www.blumira.com/cve-2021-44228-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Bladelogic Database Automation | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Ops | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Products | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix Automation Console | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix Business Workflows | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix Client Management | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix Cloud Cost | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix Cloud Security | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix CMDB | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix Continuous Optimization | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix Control-M | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix Digital Workplace | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix Discovery | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix ITSM | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix Knowledge Management | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix Operations Management with AIOps | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix Platform | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix platform | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix Remediate | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix Remediate | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix Remedyforce | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix Virtual Agent | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Cloud Lifecycle Management | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Control-M | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Footprints | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | MainView Middleware Administrator | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | MainView Middleware Monitor | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Remedy ITSM (IT Service Management) | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | SmartIT | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Track-It! | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | TrueSight Automation for Networks | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | TrueSight Automation for Servers | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | TrueSight Capacity Optimization | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | TrueSight Infrastructure Management | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | TrueSight Operations Management | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | TrueSight Orchestration | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BigBlueButton | All | | | Not Affected | [link](https://github.com/bigbluebutton/bigbluebutton/issues/13897) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| BioJava | All | | | Fixed | [link](https://github.com/biojava/biojava/releases/tag/biojava-6.0.4) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| BioMerieux | All | | | Unknown | [link](https://www.biomerieux.com/en/cybersecurity-data-privacy) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| BisectHosting | All | | | Unknown | [link](https://www.bisecthosting.com/clients/index.php?rp=/knowledgebase/205/Java-Log4j-Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BitDefender | GravityZone On-Prem | | | Not Affected | [link](https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BitNami By VMware | | | | Fixed | [link](https://docs.bitnami.com/general/security/security-2021-12-10/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BitRise | All | | | Unknown | [link](https://blog.bitrise.io/post/bitrises-response-to-log4j-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Bitwarden | All | | | Not Affected | [link](https://community.bitwarden.com/t/log4j-log4shell-cve-is-bitwarden-affected-due-to-docker-image/36177/2) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Biztory | Fivetran | | | Not Affected | [link](https://www.biztory.com/blog/apache-log4j2-vulnerability) | | Vendor review indicated Fivetran is not vulnerable to Log4j2 | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Black Kite | All | | | Unknown | [link](https://blackkite.com/log4j-rce-vulnerability-log4shell-puts-millions-at-risk/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BlackBerry | 2FA | | All | Fixed | [link](https://login.blackberry.com/sso/SSORedirect/metaAlias/idp?SAMLRequest=fZNdc6owEIb%2FCpN7JFIqlal2KKio%2BFGgar05EyCWKCRAgqK%2F%2FlA9zvT0ojuzF5l9s%2B9u5snzS52l0hGXnDDaA%2B0WBBKmEYsJ%2FeyB92AoP4GX%2FjNHWZobZiUS6uGiwlxIzT3KjWuhB6qSGgxxwg2KMswNERm%2BOXMNtQWNvGSCRSwFksk5LkVjZDHKqwyXPi6PJMLvntsDiRA5NxSFV3nOStEKUxQdQlyW51bEMqXJrKJEnJWUfRL6wlkPQvuhA68Rdi8XINnNXIQicV3l3u8q%2F9mNc6b4%2FsLDMSlxJJQMC2SmBHGFxDmQxnYP%2FFEts4mNvEhOfDSzzdPP%2FCrr9vFjMig0OBtGswiZ52H6mK9Gbtev5FnViZ2HV3dnV3lSOPvSn2YCboaeFV5Q4Yx2K%2FQ%2B1RcPUzWin0%2F7j%2FlEI1OtULfqpNnC8arkIjaD3X6%2BtlVvF8JJvQqznJlx4MfWIQuC1HJhklLH1m2vA9PHbjgSaB2K3YbND5a3X2%2BLfD48DbofVaIlfBSiLt5qS67P6pW87%2FD4SAaqfDzVzLbrQWGdhq7pkG6AdNt0k4ofMj1Zs7Jeio4%2FpuQURwMtHC%2BdGtZvRVD7Vg7jt%2Ba1OK%2FwmHKBqOgBFaqqDFW5%2FRi0dQO2DbXb0qC6BdLyHwivhN7w%2Bo2a8CbihhMES3m58AMgre6YNgJwg9K4mpffaPy9LbojCPp3QL6hkZ1bHKWY71gZ4S9QnpVvJv3b6f9%2F0P8L&RelayState=%2Fcommunity%2Fs%2Farticle%2F90708&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=ThznbsjgVwDX5E2fOcNREcaH%2FaSSD9EIp6MP3c9O9BRVFL%2BETG3n1WQKapplpISRgUkLEs2XvRpJ4%2FfEmynkr5laH4rrAIgMNL%2FauqYIGWvzbdzfp44PkOGUBkHxgo52GjhshHBPyHqJjnvzIoNyIK2zhDBQXevq9etV7wnX7SprJpHX%2B6Ivskj5wAXJzi9SiMafMvUiUFyVq9YBhzd2ZpiTyiYia%2Bdgq4Z74sUIqOyz6bn2KjCKT%2FMqeFqyYYp5JU9CnQk%2BHAH2juQU%2F8MlrGtrRRtgf6fACGMOGria0Vu1wUDwnJiSdI%2BZSzShr%2Fg6Cl9mfaKuTItwlxiqQlbx7hvHEhgg2SNqyrRnJDzpYImSeIMjgHuUy2Iaf6O6J90GdKF4%2BDkCpyXVsm%2FkZhBA6D7uo9rj8tPfE7ml6Njhm9pFZxjuicbCI%2F4Zj66aC52RlpUZwlMgS2HpXOdbILUX8H2FXnm%2FCjDHEDGv49HusCmQehes1g0LzTXXwKkC1hWOYjwWb8uxNneaR0e552R6fjRns%2B2kG04C%2B8COLbJ7v7s3WlUDGBN%2BUa%2BE5q0QNpIYmIW1daXmOx%2FXRBoBdBwWZ1b3GtaBmRiEarb4rF1DgKa9P3SdQBb1M6SvjprcyHRtai7AxnIBW1KMFWB6mETzESVSFwO5KA80co5Aau7HfhM%3D) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BlackBerry | Enterprise Mobility Server | | 2.12 and above | Fixed | [link](https://login.blackberry.com/sso/SSORedirect/metaAlias/idp?SAMLRequest=fZNdc6owEIb%2FCpN7JFIqlal2KKio%2BFGgar05EyCWKCRAgqK%2F%2FlA9zvT0ojuzF5l9s%2B9u5snzS52l0hGXnDDaA%2B0WBBKmEYsJ%2FeyB92AoP4GX%2FjNHWZobZiUS6uGiwlxIzT3KjWuhB6qSGgxxwg2KMswNERm%2BOXMNtQWNvGSCRSwFksk5LkVjZDHKqwyXPi6PJMLvntsDiRA5NxSFV3nOStEKUxQdQlyW51bEMqXJrKJEnJWUfRL6wlkPQvuhA68Rdi8XINnNXIQicV3l3u8q%2F9mNc6b4%2FsLDMSlxJJQMC2SmBHGFxDmQxnYP%2FFEts4mNvEhOfDSzzdPP%2FCrr9vFjMig0OBtGswiZ52H6mK9Gbtev5FnViZ2HV3dnV3lSOPvSn2YCboaeFV5Q4Yx2K%2FQ%2B1RcPUzWin0%2F7j%2FlEI1OtULfqpNnC8arkIjaD3X6%2BtlVvF8JJvQqznJlx4MfWIQuC1HJhklLH1m2vA9PHbjgSaB2K3YbND5a3X2%2BLfD48DbofVaIlfBSiLt5qS67P6pW87%2FD4SAaqfDzVzLbrQWGdhq7pkG6AdNt0k4ofMj1Zs7Jeio4%2FpuQURwMtHC%2BdGtZvRVD7Vg7jt%2Ba1OK%2FwmHKBqOgBFaqqDFW5%2FRi0dQO2DbXb0qC6BdLyHwivhN7w%2Bo2a8CbihhMES3m58AMgre6YNgJwg9K4mpffaPy9LbojCPp3QL6hkZ1bHKWY71gZ4S9QnpVvJv3b6f9%2F0P8L&RelayState=%2Fcommunity%2Fs%2Farticle%2F90708&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=ThznbsjgVwDX5E2fOcNREcaH%2FaSSD9EIp6MP3c9O9BRVFL%2BETG3n1WQKapplpISRgUkLEs2XvRpJ4%2FfEmynkr5laH4rrAIgMNL%2FauqYIGWvzbdzfp44PkOGUBkHxgo52GjhshHBPyHqJjnvzIoNyIK2zhDBQXevq9etV7wnX7SprJpHX%2B6Ivskj5wAXJzi9SiMafMvUiUFyVq9YBhzd2ZpiTyiYia%2Bdgq4Z74sUIqOyz6bn2KjCKT%2FMqeFqyYYp5JU9CnQk%2BHAH2juQU%2F8MlrGtrRRtgf6fACGMOGria0Vu1wUDwnJiSdI%2BZSzShr%2Fg6Cl9mfaKuTItwlxiqQlbx7hvHEhgg2SNqyrRnJDzpYImSeIMjgHuUy2Iaf6O6J90GdKF4%2BDkCpyXVsm%2FkZhBA6D7uo9rj8tPfE7ml6Njhm9pFZxjuicbCI%2F4Zj66aC52RlpUZwlMgS2HpXOdbILUX8H2FXnm%2FCjDHEDGv49HusCmQehes1g0LzTXXwKkC1hWOYjwWb8uxNneaR0e552R6fjRns%2B2kG04C%2B8COLbJ7v7s3WlUDGBN%2BUa%2BE5q0QNpIYmIW1daXmOx%2FXRBoBdBwWZ1b3GtaBmRiEarb4rF1DgKa9P3SdQBb1M6SvjprcyHRtai7AxnIBW1KMFWB6mETzESVSFwO5KA80co5Aau7HfhM%3D) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BlackBerry | Workspaces On-Prem Server | | All | Fixed | [link](https://login.blackberry.com/sso/SSORedirect/metaAlias/idp?SAMLRequest=fZNdc6owEIb%2FCpN7JFIqlal2KKio%2BFGgar05EyCWKCRAgqK%2F%2FlA9zvT0ojuzF5l9s%2B9u5snzS52l0hGXnDDaA%2B0WBBKmEYsJ%2FeyB92AoP4GX%2FjNHWZobZiUS6uGiwlxIzT3KjWuhB6qSGgxxwg2KMswNERm%2BOXMNtQWNvGSCRSwFksk5LkVjZDHKqwyXPi6PJMLvntsDiRA5NxSFV3nOStEKUxQdQlyW51bEMqXJrKJEnJWUfRL6wlkPQvuhA68Rdi8XINnNXIQicV3l3u8q%2F9mNc6b4%2FsLDMSlxJJQMC2SmBHGFxDmQxnYP%2FFEts4mNvEhOfDSzzdPP%2FCrr9vFjMig0OBtGswiZ52H6mK9Gbtev5FnViZ2HV3dnV3lSOPvSn2YCboaeFV5Q4Yx2K%2FQ%2B1RcPUzWin0%2F7j%2FlEI1OtULfqpNnC8arkIjaD3X6%2BtlVvF8JJvQqznJlx4MfWIQuC1HJhklLH1m2vA9PHbjgSaB2K3YbND5a3X2%2BLfD48DbofVaIlfBSiLt5qS67P6pW87%2FD4SAaqfDzVzLbrQWGdhq7pkG6AdNt0k4ofMj1Zs7Jeio4%2FpuQURwMtHC%2BdGtZvRVD7Vg7jt%2Ba1OK%2FwmHKBqOgBFaqqDFW5%2FRi0dQO2DbXb0qC6BdLyHwivhN7w%2Bo2a8CbihhMES3m58AMgre6YNgJwg9K4mpffaPy9LbojCPp3QL6hkZ1bHKWY71gZ4S9QnpVvJv3b6f9%2F0P8L&RelayState=%2Fcommunity%2Fs%2Farticle%2F90708&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=ThznbsjgVwDX5E2fOcNREcaH%2FaSSD9EIp6MP3c9O9BRVFL%2BETG3n1WQKapplpISRgUkLEs2XvRpJ4%2FfEmynkr5laH4rrAIgMNL%2FauqYIGWvzbdzfp44PkOGUBkHxgo52GjhshHBPyHqJjnvzIoNyIK2zhDBQXevq9etV7wnX7SprJpHX%2B6Ivskj5wAXJzi9SiMafMvUiUFyVq9YBhzd2ZpiTyiYia%2Bdgq4Z74sUIqOyz6bn2KjCKT%2FMqeFqyYYp5JU9CnQk%2BHAH2juQU%2F8MlrGtrRRtgf6fACGMOGria0Vu1wUDwnJiSdI%2BZSzShr%2Fg6Cl9mfaKuTItwlxiqQlbx7hvHEhgg2SNqyrRnJDzpYImSeIMjgHuUy2Iaf6O6J90GdKF4%2BDkCpyXVsm%2FkZhBA6D7uo9rj8tPfE7ml6Njhm9pFZxjuicbCI%2F4Zj66aC52RlpUZwlMgS2HpXOdbILUX8H2FXnm%2FCjDHEDGv49HusCmQehes1g0LzTXXwKkC1hWOYjwWb8uxNneaR0e552R6fjRns%2B2kG04C%2B8COLbJ7v7s3WlUDGBN%2BUa%2BE5q0QNpIYmIW1daXmOx%2FXRBoBdBwWZ1b3GtaBmRiEarb4rF1DgKa9P3SdQBb1M6SvjprcyHRtai7AxnIBW1KMFWB6mETzESVSFwO5KA80co5Aau7HfhM%3D) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Blancco | All | | | Unknown | [link](https://support.blancco.com/display/NEWS/2021/12/12/CVE-2021-44228+-+Critical+vulnerability+in+Apache+Log4j+library) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Bluemind | All | | | Not Affected | [link](https://twitter.com/bluemind/status/1470379923034578946?s=20A) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Blumira | All | | | Unknown | [link](https://www.blumira.com/cve-2021-44228-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | 3270 SUPEROPTIMIZER/CI | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | 3270 SUPEROPTIMIZER/CICS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Application Restart Control for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Application Restart Control for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Application Restart Control for VSAM | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Bladelogic Database Automation | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Apptune for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Backup and Recovery for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Batch Optimizer | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Capacity Management | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Catalog Manager for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Catalog Manager for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Change Manager for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Change Manager for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Change Manager for IMS for DBCTL | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Change Manager for IMS TM | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Change Manager Virtual Terminal for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Check for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Command Center for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Command Center for Security | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Console Management | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Copy for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Cost Management | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Data Packer for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Database Administration for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Database Advisor for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Database Performance for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Datastream for Ops | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Defender for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Defender for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Defender for McAfee DAM | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Defender for Ops Insight | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Defender for z/Linux | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Defender for z/OS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Defender for z/OS GSIP Package | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Defender TCP/IP Receiver | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Defender z/VM | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI DevOps for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Energizer for IMS Connect | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Enterprise Connector | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Extended Terminal Assist for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Fast Path Indexer for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Fast Path Online Analyzer for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Fast Path Online Image Copy for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Fast Path Online Reorg for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Fast Path Online Restructure for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Fast Path Recovery for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Fast Path Restart for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Integrity for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Large Object Management for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Load for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI LOBMaster for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Log Analyzer for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Log Master for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Message Advisor for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Online Reorg for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Ops Automation | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Ops Automation for Capping | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Ops Common Rest API (CRA) | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Ops for Networks | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Ops Infrastructure (MVI) - CRA | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Ops Insight | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Ops Monitor for CICS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Ops Monitor for CMF | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Ops Monitor for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Ops Monitor for IMS Offline | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Ops Monitor for IMS Online | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Ops Monitor for IP | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Ops Monitor for JE | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Ops Monitor for MQ | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Ops Monitor for USS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Ops Monitor for WAS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Ops Monitor for z/OS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Ops Monitor SYSPROG Services | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Ops UI | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Partitioned Database Facility for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Pointer Checker for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Pool Advisor for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Recover for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Recovery for VSAM | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Recovery Manager for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Reorg for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Reorg for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Security Administrator | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Security Policy Manager | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Security Privileged Access Manager (BMC AMI Security Breakglass) | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Security Self Service Password Reset | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI SQL Explorer for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI SQL Performance for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Stats for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Storage | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Unload for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Utility Mangement for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Utility Mangemer for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Utlities for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Application Accelerator for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Check Plus for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Client Gateway (Kaazing) | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Client Management | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware Abend-Aid | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware Application Audit | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware DevEnterprise | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware Enterprise Common Components (ECC) | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware Enterprise Services (CES) | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware File-AID Data Privacy | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware File-AID Data Solutions | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware File-AID for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware File-AID for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware File-AID/MVS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware File-AID/RDX | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware Hiperstation ALL Product Offerings | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware ISPW | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware iStrobe | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware Program Analyzer | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware Storage Backup and Recovery | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware Storage Migration | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware Storage Performance | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware Strobe | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware ThruPut Manager | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware Topaz Connect (including NXPromote) | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware Topaz Enterprise Data | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware Topaz for Java Performance | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware Topaz for Total Test | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware Topaz Program Analysis | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware Topaz Workbench | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware Topaz Xpediter/CICS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware Topaz Xpediter/Code Coverage | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware Topaz Xpediter/TSO and IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware Topaz Xpediter/Xchange | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware Topaz zAdviser | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC COPE for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC DASD Manger for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Database Recovery Management | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Db2 Plus Utilities | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Defender Agent Configuration Manager | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Defender Agent for SAP | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Defender Agent for Unix/Linux | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Defender Agent for Windows | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Defender App for Splunk | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Defender SIEM Correlation Server | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Defender SIEM for Motorola | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Defender SIEM for NNT | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Defender SyslogDefender | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Defender Windows Agent for Splunk | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Digital Workplace Advanced (DWPA) | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Digital Workplace Basic (DWP) | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Digital Workplace Catalog (DWPC) | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Discovery | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Discovery for z/OS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix Business Workflows | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix Continuous Optimization (REE) | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix Continuous Optimization - Agents | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix Data Manager | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix Discovery | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix Discovery Outpost | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix ITSM | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix ITSM | | 21.x | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix Knowledge Management | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix Platform | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC License Usage Collection Utility | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC LOADPLUS for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC MainView Explorer | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC MainView Middleware Administrator | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC MainView Middleware Monitor | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC MainView Transaction Analyzer | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC MainView Vistapoint & Energizer | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC MAXM Reorg for IMS with Online/Defrag Feature | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC MAXM Reorg/EP for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC MAXM Reorg/EP for IMS with Online/Defrag Feature | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Next Generation Logger (NGL) | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Opertune for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC PATROL Agent | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC PATROL Agent (TSOM & BHOM) | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC PATROL for Linux KM | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC PATROL for Sybase | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC PATROL Knowledge Modules - PATROL KM | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | Except Sybase and Linux | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Plus Utilities | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Remedy AR System | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Remedy CMDB | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Remedy ITSM | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Remedy Mid-Tier | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Remedy SLM | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Remedy Smart Reporting | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Remedy SmartIT | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Remedy SRM | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Reorg Plus for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC RSSO Agent | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC RSSO Auth Proxy | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC RSSO DataTransfer Tool | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC RSSO Server | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Runtime Component System (RTCS) | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC TrueSight Automation Console | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC TrueSight Automation for Networks | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC TrueSight Automation for Servers - Data Wharehouse | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC TrueSight Capacity Optimization | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC TrueSight Capacity Optimization - Agents | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC TrueSight Operations Management - App Visibility Manager | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC TrueSight Operations Management - Infrastructure Management | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC TrueSight Operations Management - IT Data Analytics | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC TrueSight Operations Management - Presenttion Server | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC TrueSight Operations Management Reporting | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC TrueSight Orchestration | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC TrueSight Server Automation | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC TrueSight Smart Reporting | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC TrueSight Smart Reporting Platform | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC TrueSight Vulnerability Management | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC TSCO for Mainframes | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Unload Plus for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC User Interface Middleware (UIM) | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Change Accumulation Plus | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Concurrent Reorg Facility | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Conditional Image Copy | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Control-M | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | DASD Manager Plus for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Data Accelerator Compression | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Delta IMS DB/DC | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Delta IMS Virtual Terminal | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | ExceptionReporter | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Extended Buffer Manager | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Fast Path Analyzer/EP | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Fast Path Facility | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Fast Path Facility/EP | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Fast Path Reorg/EP | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | FASTCOPY | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | FASTCPK | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | FDR | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | FDR/UPSTREAM | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | FDRABR | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | FDRERASE | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | FDRMOVE | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | FDRPAS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | FDRPASVM | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | FDRREORG | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Footprints | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | IAM | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Image Copy Plus | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | LOADPLUS for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | LOADPLUS/EP for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Local Copy Plus | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Partner KMs Hardware Sentry Open Telemetry Collector | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Partner KMs Storage All-in-One ETL for BMC Truesight Capacity Optimization | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Partner KMs Storage Analyzer for PATROL | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Prefix Resolution Plus | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Prefix Update for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Recovery Advisor for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Recovery Manager for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Recovery Plus for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Release Package and Deployment | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Release Process Management | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Resident Security Server | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Secondary Index Utility | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Secondary Index Utility/EP | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Snapshot Upgrade Feature | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Track-It! | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | ULTRAOPT/CICS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | ULTRAOPT/IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | UNLOAD PLUS for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | UNLOAD PLUS/EP for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | UXF for IMS (non product) | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | zDetect | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Bosch | | | | Unknown | [link](https://bosch-iot-suite.com/news/apache-log4j-rce-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Boston Scientific | | | | Unknown | [link](https://www.bostonscientific.com/content/dam/bostonscientific/corporate/product-security/bsc_statement_on_apache_log4j-v1.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | Box | | | | Unknown | [link](https://blog.box.com/boxs-statement-recent-log4j-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 6f63573..53171c1 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -10679,10 +10679,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10699,8 +10700,8 @@ software: references: - '' last_updated: '2021-12-16T00:00:00' - - vendor: BackBox - product: '' + - vendor: Backblaze + product: Cloud cves: cve-2021-4104: investigated: false @@ -10708,9 +10709,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -10723,13 +10725,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://updates.backbox.com/V6.5/Docs/CVE-2021-44228.pdf - notes: '' + - https://help.backblaze.com/hc/en-us/articles/4412580603419 + notes: Cloud service patched. references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Balbix - product: '' + - vendor: BackBox + product: All cves: cve-2021-4104: investigated: false @@ -10752,13 +10754,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.balbix.com/blog/broad-exposure-to-log4shell-cve-2021-44228-highlights-how-the-attack-surface-has-exploded/ + - https://updates.backbox.com/V6.5/Docs/CVE-2021-44228.pdf notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Baramundi Products - product: '' + - vendor: Balbix + product: All cves: cve-2021-4104: investigated: false @@ -10781,13 +10783,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://forum.baramundi.com/index.php?threads/baramundi-produkte-von-log4shell-schwachstelle-in-log4j-nicht-betroffen.12539/#post-62875 + - https://www.balbix.com/blog/broad-exposure-to-log4shell-cve-2021-44228-highlights-how-the-attack-surface-has-exploded/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Barco - product: '' + - vendor: Baramundi Products + product: All cves: cve-2021-4104: investigated: false @@ -10810,13 +10812,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.barco.com/en/support/knowledge-base/kb12495 + - https://forum.baramundi.com/index.php?threads/baramundi-produkte-von-log4shell-schwachstelle-in-log4j-nicht-betroffen.12539/#post-62875 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Barracuda - product: '' + - vendor: Barco + product: Demetra cves: cve-2021-4104: investigated: false @@ -10824,10 +10826,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10839,13 +10842,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.barracuda.com/company/legal/trust-center + - https://www.barco.com/en/support/knowledge-base/kb12495 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Baxter - product: '' + - vendor: Barco + product: Demetra cves: cve-2021-4104: investigated: false @@ -10853,10 +10856,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10868,13 +10872,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.baxter.com/sites/g/files/ebysai746/files/2021-12/Apache_Log4j_Vulnerability.pdf + - https://www.barco.com/en/support/knowledge-base/kb12495 notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BBraun - product: APEX® Compounder + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Barco + product: Green Barco Wall Control Manager (gBCM) cves: cve-2021-4104: investigated: false @@ -10886,7 +10890,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10898,13 +10902,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + - https://www.barco.com/en/support/knowledge-base/kb12495 notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: BBraun - product: DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Barco + product: MediCal QAWeb cves: cve-2021-4104: investigated: false @@ -10914,9 +10918,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10928,13 +10932,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + - https://www.barco.com/en/support/knowledge-base/kb12495 notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: BBraun - product: Outlook® Safety Infusion System Pump family + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Barco + product: NexxisOR cves: cve-2021-4104: investigated: false @@ -10946,7 +10950,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -10958,13 +10962,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + - https://www.barco.com/en/support/knowledge-base/kb12495 notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: BBraun - product: Pinnacle® Compounder + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Barco + product: OpSpace cves: cve-2021-4104: investigated: false @@ -10974,9 +10978,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - 1.8 - 1.9.4.1 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -10988,13 +10992,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + - https://www.barco.com/en/support/knowledge-base/kb12495 notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: BBraun - product: Pump, SpaceStation, and Space® Wireless Battery) + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Barco + product: Transform N (TFN) cves: cve-2021-4104: investigated: false @@ -11006,7 +11010,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -11018,14 +11022,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + - https://www.barco.com/en/support/knowledge-base/kb12495 notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: BBraun - product: Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® - Space® Infusion + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Barracuda + product: All cves: cve-2021-4104: investigated: false @@ -11033,11 +11036,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -11049,13 +11051,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf + - https://www.barracuda.com/company/legal/trust-center notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: BD - product: Arctic Sun™ Analytics + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Basis Technology + product: Autopsy cves: cve-2021-4104: investigated: false @@ -11063,9 +11065,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 4.18.0 onwards unaffected_versions: [] cve-2021-45046: investigated: false @@ -11078,13 +11081,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' + - https://www.autopsy.com/autopsy-and-log4j-vulnerability/ + notes: version 4.18.0 onwards use Apache Solr 8. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Diabetes Care App Cloud + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Baxter + product: All cves: cve-2021-4104: investigated: false @@ -11107,13 +11110,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.baxter.com/sites/g/files/ebysai746/files/2021-12/Apache_Log4j_Vulnerability.pdf notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight™ Clinical Advisor + - vendor: BBraun + product: APEX Compounder cves: cve-2021-4104: investigated: false @@ -11121,10 +11124,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11136,13 +11140,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight™ Data Manager + last_updated: '2022-01-31T00:00:00' + - vendor: BBraun + product: DoseTrac Server, DoseLink Server, and Space® Online Suite Server software cves: cve-2021-4104: investigated: false @@ -11150,9 +11154,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -11165,13 +11170,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight™ Diversion Management + last_updated: '2022-01-31T00:00:00' + - vendor: BBraun + product: Outlook Safety Infusion System Pump family cves: cve-2021-4104: investigated: false @@ -11179,10 +11184,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11194,13 +11200,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight™ Infection Advisor + last_updated: '2022-01-31T00:00:00' + - vendor: BBraun + product: Pinnacle Compounder cves: cve-2021-4104: investigated: false @@ -11208,10 +11214,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11223,13 +11230,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight™ Inventory Optimization Analytics + last_updated: '2022-01-31T00:00:00' + - vendor: BBraun + product: Pump, SpaceStation, and Space Wireless Battery cves: cve-2021-4104: investigated: false @@ -11237,10 +11244,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11252,13 +11260,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight™ Medication Safety + last_updated: '2022-01-31T00:00:00' + - vendor: BBraun + product: Space Infusion Pump family (Infusomat Space Infusion Pump, Perfusor Space + Infusion cves: cve-2021-4104: investigated: false @@ -11266,10 +11275,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11281,13 +11291,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Knowledge Portal for BD Pyxis™ Supply + last_updated: '2022-01-31T00:00:00' + - vendor: BCT + product: BerichtenCentrale (BCE) & Integrations cves: cve-2021-4104: investigated: false @@ -11295,10 +11305,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -11310,13 +11321,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' + - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Knowledge Portal for Infusion Technologies + - vendor: BCT + product: CORSA cves: cve-2021-4104: investigated: false @@ -11324,10 +11336,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -11339,13 +11352,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' + - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Knowledge Portal for Medication Technologies + - vendor: BCT + product: e-Invoice cves: cve-2021-4104: investigated: false @@ -11353,9 +11367,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - 2.10.210 unaffected_versions: [] cve-2021-45046: investigated: false @@ -11368,13 +11383,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' + - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Synapsys™ Informatics Solution + - vendor: BCT + product: IDT cves: cve-2021-4104: investigated: false @@ -11382,10 +11398,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -11397,13 +11414,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' + - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Veritor™ COVID At Home Solution Cloud + - vendor: BCT + product: iGEN cves: cve-2021-4104: investigated: false @@ -11411,10 +11429,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -11426,13 +11445,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' + - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: Beckman Coulter - product: Access 2 (Immunoassay System) + - vendor: BCT + product: LIBER cves: cve-2021-4104: investigated: false @@ -11442,9 +11462,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All + fixed_versions: + - 1.125.3 + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -11456,13 +11476,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' + - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Ac•T 5diff (Hematology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Alaris CC Plus Guardrails Syringe Pump cves: cve-2021-4104: investigated: false @@ -11474,7 +11495,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -11486,13 +11507,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Ac•T Family (Hematology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Alaris CC Plus Syringe Pump cves: cve-2021-4104: investigated: false @@ -11504,7 +11525,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -11516,13 +11537,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AU2700 (Chemistry System) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Alaris Enteral Plus Syringe Pump cves: cve-2021-4104: investigated: false @@ -11534,7 +11555,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -11546,13 +11567,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AU480 (Chemistry System) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Alaris Gateway Workstation cves: cve-2021-4104: investigated: false @@ -11564,7 +11585,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -11576,13 +11597,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AU5400 (Chemistry System) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Alaris GP Plus Guardrails Volumetric Pump cves: cve-2021-4104: investigated: false @@ -11594,7 +11615,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -11606,13 +11627,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AU5800 (Chemistry System) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Alaris GP Plus Volumetric Pump cves: cve-2021-4104: investigated: false @@ -11624,7 +11645,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -11636,13 +11657,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AU640 (Chemistry System) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Alaris PK Plus Syringe Pump cves: cve-2021-4104: investigated: false @@ -11654,7 +11675,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -11666,13 +11687,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AU680 (Chemistry System) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Alaris Technical Utility (ATU) cves: cve-2021-4104: investigated: false @@ -11684,7 +11705,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -11696,13 +11717,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AutoMate 1200 (Lab Automation) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Alaris TiVA Syringe Pump cves: cve-2021-4104: investigated: false @@ -11714,7 +11735,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -11726,13 +11747,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AutoMate 1250 (Lab Automation) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Alaris VP Plus Guardrails Volumetric Pump cves: cve-2021-4104: investigated: false @@ -11744,7 +11765,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -11756,13 +11777,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AutoMate 2500 (Lab Automation) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Accuri C6 Plus cves: cve-2021-4104: investigated: false @@ -11774,7 +11795,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -11786,13 +11807,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AutoMate 2550 (Lab Automation) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Action Manager cves: cve-2021-4104: investigated: false @@ -11804,7 +11825,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -11816,13 +11837,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxA 5000 (Lab Automation) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris Auto-ID Module Model cves: cve-2021-4104: investigated: false @@ -11834,7 +11855,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -11846,13 +11867,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxA 5000 Fit (Lab Automation) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris Communications Engine cves: cve-2021-4104: investigated: false @@ -11864,7 +11885,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -11876,13 +11897,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxH 500 (Hematology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris CQI Event Reporter cves: cve-2021-4104: investigated: false @@ -11894,7 +11915,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -11906,13 +11927,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxH 520 (Hematology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris Guardrails Editor cves: cve-2021-4104: investigated: false @@ -11924,7 +11945,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -11936,13 +11957,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxH 560 (Hematology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris Infusion Central cves: cve-2021-4104: investigated: false @@ -11954,7 +11975,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -11966,13 +11987,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxH 600 (Hematology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris neXus CC Syringe Pump cves: cve-2021-4104: investigated: false @@ -11984,7 +12005,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -11996,13 +12017,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxH 690T (Hematology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris neXus Editor v5.0 cves: cve-2021-4104: investigated: false @@ -12014,7 +12035,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12026,13 +12047,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxH 800 (Hematology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris neXus GP Volumetric Pump cves: cve-2021-4104: investigated: false @@ -12044,7 +12065,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12056,13 +12077,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxH 900 (Hematology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris PCA Module Model 8120 cves: cve-2021-4104: investigated: false @@ -12074,7 +12095,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12086,13 +12107,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxH SMS (Hematology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris Plus Editor cves: cve-2021-4104: investigated: false @@ -12104,7 +12125,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12116,13 +12137,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxH SMS II (Hematology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris Point-of-Care Software cves: cve-2021-4104: investigated: false @@ -12134,7 +12155,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12146,13 +12167,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxM Autoplak (Microbiology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris Point-of-Care Unit (PCU) Model 8015 cves: cve-2021-4104: investigated: false @@ -12164,7 +12185,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12176,13 +12197,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxM WalkAway 1040 (Microbiology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris Pump Module Model 8100 cves: cve-2021-4104: investigated: false @@ -12194,7 +12215,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12206,13 +12227,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxM WalkAway 1096 (Microbiology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris Syringe Module Model 8110 cves: cve-2021-4104: investigated: false @@ -12224,7 +12245,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12236,13 +12257,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxONE Command Central (Information Systems) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris System Mainetnance cves: cve-2021-4104: investigated: false @@ -12252,9 +12273,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12266,13 +12287,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: Customers can follow instructions to remove log4j + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxONE Insights (Information Systems) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Alaris Systems Manager cves: cve-2021-4104: investigated: false @@ -12282,9 +12303,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: + fixed_versions: [] + unaffected_versions: - '' - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -12296,13 +12317,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: Patch has been applied. + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxONE Inventory Manager (Information Systems) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Arctic Sun Analytics cves: cve-2021-4104: investigated: false @@ -12314,7 +12335,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12326,13 +12347,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxONE Workflow Manager (Information Systems) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD BACTEC 9050 cves: cve-2021-4104: investigated: false @@ -12344,7 +12365,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12356,13 +12377,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxU Workcell (Urinalysis) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD BACTEC 9120 cves: cve-2021-4104: investigated: false @@ -12374,7 +12395,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12386,13 +12407,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxUc (Urinalysis) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD BACTEC 9240 cves: cve-2021-4104: investigated: false @@ -12404,7 +12425,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12416,13 +12437,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxUm (Urinalysis) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD BACTEC FX cves: cve-2021-4104: investigated: false @@ -12434,7 +12455,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12446,13 +12467,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: HighFlexX Software (Microbiology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD BACTEC FX40 cves: cve-2021-4104: investigated: false @@ -12464,7 +12485,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12476,13 +12497,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: HmX (Hematology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD BACTEC MGIT cves: cve-2021-4104: investigated: false @@ -12494,7 +12515,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12506,13 +12527,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: HmX AL (Hematology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Care Coordination Engine (CCE) cves: cve-2021-4104: investigated: false @@ -12524,7 +12545,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12536,13 +12557,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: iChemVELOCITY (Urinalysis) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Cato cves: cve-2021-4104: investigated: false @@ -12554,7 +12575,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12566,13 +12587,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: IMMAGE 800 (Nephelometry) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD COR cves: cve-2021-4104: investigated: false @@ -12584,7 +12605,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12596,13 +12617,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Intelligent Sample Banking ISB (Lab Automation) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Diabetes Care App Cloud cves: cve-2021-4104: investigated: false @@ -12614,7 +12635,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12626,13 +12647,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Ipaw (Lab Automation) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD EpiCenter cves: cve-2021-4104: investigated: false @@ -12644,7 +12665,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12656,13 +12677,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: iQ Workcell (Urinalysis) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACS Lyse Wash Assistant cves: cve-2021-4104: investigated: false @@ -12674,7 +12695,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12686,13 +12707,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: iQ200 (Urinalysis) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACS Sample Prep Assistant (SPA) III cves: cve-2021-4104: investigated: false @@ -12704,7 +12725,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12716,13 +12737,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: iRICELL (Urinalysis) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACS Workflow Manager cves: cve-2021-4104: investigated: false @@ -12734,7 +12755,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12746,14 +12767,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: LabPro Workstation and Database Computers Provided by Beckman Coulter - (Microbiology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSAria Fusion cves: cve-2021-4104: investigated: false @@ -12762,10 +12782,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: - - All + affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12777,13 +12797,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: The only known instance of vulnerability due to Log4J is using Axeda services + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: LH 500 (Hematology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSAria II cves: cve-2021-4104: investigated: false @@ -12795,7 +12815,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12807,13 +12827,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: LH Slidemaker (Hematology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSAria III cves: cve-2021-4104: investigated: false @@ -12825,7 +12845,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12837,13 +12857,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: LH Slidestraine (Hematology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSCalibur cves: cve-2021-4104: investigated: false @@ -12855,7 +12875,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12867,13 +12887,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: LH750 (Hematology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSCanto 10-color cves: cve-2021-4104: investigated: false @@ -12885,7 +12905,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12897,13 +12917,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: LH780 (Hematology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSCanto 10-color clinical cves: cve-2021-4104: investigated: false @@ -12915,7 +12935,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12927,13 +12947,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: LH785 (Hematology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSCanto II (w Diva 9.0) cves: cve-2021-4104: investigated: false @@ -12945,7 +12965,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12957,13 +12977,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: MicroScan autoSCAN-4 (Microbiology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSCanto II clinical cves: cve-2021-4104: investigated: false @@ -12975,7 +12995,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -12987,13 +13007,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: PK7300 (Blood Bank) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSCelesta cves: cve-2021-4104: investigated: false @@ -13005,7 +13025,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13017,13 +13037,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: PK7400 (Blood Bank) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSCount cves: cve-2021-4104: investigated: false @@ -13035,7 +13055,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13047,13 +13067,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Power Express (Lab Automation) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSDuet cves: cve-2021-4104: investigated: false @@ -13065,7 +13085,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13077,13 +13097,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Power Link (Lab Automation) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSLink cves: cve-2021-4104: investigated: false @@ -13095,7 +13115,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13107,13 +13127,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Power Processor (Lab Automation) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSLyric cves: cve-2021-4104: investigated: false @@ -13125,7 +13145,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13137,13 +13157,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: PROService (Information Systems) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSMelody cves: cve-2021-4104: investigated: false @@ -13155,7 +13175,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13167,13 +13187,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: RAP Box (Information Systems) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSPresto cves: cve-2021-4104: investigated: false @@ -13185,7 +13205,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13197,13 +13217,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: REMISOL ADVANCE (Information Systems) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSVerse cves: cve-2021-4104: investigated: false @@ -13215,7 +13235,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13227,13 +13247,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Sorting Drive (Lab Automation) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSVia cves: cve-2021-4104: investigated: false @@ -13245,7 +13265,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13257,13 +13277,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Unicel DxC 600 (Chemistry System) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSymphony A1 cves: cve-2021-4104: investigated: false @@ -13275,7 +13295,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13287,13 +13307,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Unicel DxC 800 (Chemistry System) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSymphony A3 cves: cve-2021-4104: investigated: false @@ -13305,7 +13325,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13317,13 +13337,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Unicel DxI 600 (Immunoassay System) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSymphony A5 cves: cve-2021-4104: investigated: false @@ -13335,7 +13355,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13347,13 +13367,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Unicel DxI 800 (Immunoassay System) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD FACSymphony S6 cves: cve-2021-4104: investigated: false @@ -13365,7 +13385,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13377,13 +13397,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: WalkAway 40 plus (Microbiology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HD Check System cves: cve-2021-4104: investigated: false @@ -13395,7 +13415,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13407,13 +13427,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: WalkAway 40 SI (Microbiology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight Clinical Advisor cves: cve-2021-4104: investigated: false @@ -13425,7 +13445,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13437,13 +13457,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: WalkAway 96 plus (Microbiology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight Data Manager cves: cve-2021-4104: investigated: false @@ -13455,7 +13475,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13467,13 +13487,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: WalkAway 96 SI (Microbiology) + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight Diversion Management cves: cve-2021-4104: investigated: false @@ -13485,7 +13505,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - All + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13497,13 +13517,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beijer Electronics - product: acirro+ + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight Infection Advisor cves: cve-2021-4104: investigated: false @@ -13511,10 +13531,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13526,13 +13547,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: BFI frequency inverters + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight Inventory Optimization Analytics cves: cve-2021-4104: investigated: false @@ -13540,10 +13561,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13555,13 +13577,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: BSD servo drives + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD HealthSight Medication Safety cves: cve-2021-4104: investigated: false @@ -13569,10 +13591,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13584,13 +13607,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: CloudVPN + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Intelliport cves: cve-2021-4104: investigated: false @@ -13598,10 +13621,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13613,13 +13637,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: FnIO-G and M Distributed IO + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Intelliport cves: cve-2021-4104: investigated: false @@ -13627,10 +13651,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13642,13 +13667,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: iX Developer + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Intelliport Medication Management System cves: cve-2021-4104: investigated: false @@ -13656,10 +13681,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13671,13 +13697,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: Nexto modular PLC + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Inventory Connect cves: cve-2021-4104: investigated: false @@ -13685,10 +13711,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13700,13 +13727,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: Nexto Xpress compact controller + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Kiestra InoquIA cves: cve-2021-4104: investigated: false @@ -13714,10 +13741,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13729,13 +13757,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: WARP Engineering Studio + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Kiestra InoquIA+ cves: cve-2021-4104: investigated: false @@ -13743,10 +13771,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13758,13 +13787,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Bender - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Knowledge Portal for BD Pyxis Supply cves: cve-2021-4104: investigated: false @@ -13772,10 +13801,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13787,14 +13817,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bender.de/en/cert + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Best Practical Request Tracker (RT) and Request Tracker for Incident Response - (RTIR) - product: '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Knowledge Portal for Infusion Technologies cves: cve-2021-4104: investigated: false @@ -13802,10 +13831,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13817,14 +13847,10954 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BeyondTrust - product: Privilege Management Cloud - cves: + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Knowledge Portal for Medication Technologies + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD MAX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Phoenix 100 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Phoenix AP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Phoenix M50 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Prevue II Peripheral Vascular Access System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Probetec + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis Anesthesia Station 4000 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis Anesthesia Station ES + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis CIISafe + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis CUBIE System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis ES System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis IV Prep + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis Logistics (Pyxis Pharmogistics) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis Med Link Queue & Waste + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis MedBank + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis MedStation 4000 System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis Medstation ES + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis Order Viewer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis ParAssist + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis PARx + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis PharmoPack + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis RapidRx + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis ReadyMed + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis SupplyStation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis Tissue & Implant Management System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Pyxis Track and Deliver + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD ReadyMed + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Remote Support Services (RSS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Rhapsody Single-Cell Analysis System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Rowa Dose (Windows 10 platform) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Rowa Dose (Windows 7 Workstations only) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Rowa Pouch Packaging Systems + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Rowa ProLog + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Rowa Smart + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Rowa Vmax + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Sensica Urine Output System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Site~Rite 8 Ultrasound Systems + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Synapsys Informatics Solution + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Totalys DataLink + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Totalys Multiprocessor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Totalys SlidePrep + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Veritor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Veritor COVID At Home Solution Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Viper LT + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: BD Viper XTR + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: CoreLite + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: EnCor Enspire Breast Biopsy System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: EnCor Ultra Breast Biopsy System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: FlowJo Portal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: FlowJo Software + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Influx + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: LSRFortessa + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: LSRFortessa X-20 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: PleurX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: QUANTAFLO Peripheral Arterial Disease Test + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Restock Order + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: SeqGeq Software + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Sherlock 3CG Standalone Tip Confirmation Systems + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Site~Rite PICC Ultrasound Systems + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Site~Rite Prevue Plus Ultrasound Systems + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: BD + product: Specimen Collection Verification + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' + references: + - '' + last_updated: '2021-12-20T00:00:00' + - vendor: Beckman Coulter + product: Access 2 (Immunoassay System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ac•T 5diff (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ac•T Family (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU2700 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU480 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU5400 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU5800 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU640 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU680 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 1200 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 1250 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 2500 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 2550 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxA 5000 (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxA 5000 Fit (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 500 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 520 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 560 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 600 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 690T (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 800 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 900 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH SMS (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH SMS II (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM Autoplak (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM WalkAway 1040 (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM WalkAway 1096 (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Command Central (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Customers can follow instructions to remove log4j + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Insights (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Patch has been applied. + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Inventory Manager (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Workflow Manager (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxU Workcell (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxUc (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxUm (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HighFlexX Software (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HmX (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HmX AL (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iChemVELOCITY (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: IMMAGE 800 (Nephelometry) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Intelligent Sample Banking ISB (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ipaw (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iQ Workcell (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iQ200 (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iRICELL (Urinalysis) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LabPro Workstation and Database Computers Provided by Beckman Coulter + (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: The only known instance of vulnerability due to Log4J is using Axeda services + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH 500 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH Slidemaker (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH Slidestraine (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH750 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH780 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH785 (Hematology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: MicroScan autoSCAN-4 (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PK7300 (Blood Bank) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PK7400 (Blood Bank) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Express (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Link (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Processor (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PROService (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: RAP Box (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: REMISOL ADVANCE (Information Systems) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Sorting Drive (Lab Automation) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxC 600 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxC 800 (Chemistry System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxI 600 (Immunoassay System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxI 800 (Immunoassay System) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 40 plus (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 40 SI (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 96 plus (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 96 SI (Microbiology) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: '' + references: + - '' + last_updated: '2022-01-31T00:00:00' + - vendor: Beijer Electronics + product: acirro+ + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: BFI frequency inverters + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: BSD servo drives + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: CloudVPN + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: FnIO-G and M Distributed IO + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: iX Developer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: Nexto modular PLC + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: Nexto Xpress compact controller + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: WARP Engineering Studio + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: Belden + product: Hirschmann Networking Devices and Software Tools + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://hirschmann-support.belden.com/file.php/18672XKMWSCRYGG186719202C5BA4/Hirschmann_Statement_Log4j_Vulnerability_Dec2021.pdf + notes: Hirschmann is a brand of Belden. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Bender + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.bender.de/en/cert + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Best Practical + product: Request Tracker (RT) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Best Practical + product: Request Tracker for Incident Response (RTIR) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BeyondTrust + product: Privilege Management Cloud + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: BeyondTrust + product: Privilege Management Reporting in BeyondInsight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '21.2' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: BeyondTrust + product: Secure Remote Access appliances + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell + notes: '' + references: + - '' + last_updated: '2021-12-17T00:00:00' + - vendor: BigBlueButton + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/bigbluebutton/bigbluebutton/issues/13897 + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: BioJava + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://github.com/biojava/biojava/releases/tag/biojava-6.0.4 + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: BioMerieux + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.biomerieux.com/en/cybersecurity-data-privacy + notes: '' + references: + - '' + last_updated: '2021-12-22T00:00:00' + - vendor: BisectHosting + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.bisecthosting.com/clients/index.php?rp=/knowledgebase/205/Java-Log4j-Vulnerability.html + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BitDefender + product: GravityZone On-Prem + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BitNami By VMware + product: '' + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://docs.bitnami.com/general/security/security-2021-12-10/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BitRise + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blog.bitrise.io/post/bitrises-response-to-log4j-vulnerability-cve-2021-44228 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Bitwarden + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bitwarden.com/t/log4j-log4shell-cve-is-bitwarden-affected-due-to-docker-image/36177/2 + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Biztory + product: Fivetran + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.biztory.com/blog/apache-log4j2-vulnerability + notes: '' + references: + - Vendor review indicated Fivetran is not vulnerable to Log4j2 + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Black Kite + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://blackkite.com/log4j-rce-vulnerability-log4shell-puts-millions-at-risk/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BlackBerry + product: 2FA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://login.blackberry.com/sso/SSORedirect/metaAlias/idp?SAMLRequest=fZNdc6owEIb%2FCpN7JFIqlal2KKio%2BFGgar05EyCWKCRAgqK%2F%2FlA9zvT0ojuzF5l9s%2B9u5snzS52l0hGXnDDaA%2B0WBBKmEYsJ%2FeyB92AoP4GX%2FjNHWZobZiUS6uGiwlxIzT3KjWuhB6qSGgxxwg2KMswNERm%2BOXMNtQWNvGSCRSwFksk5LkVjZDHKqwyXPi6PJMLvntsDiRA5NxSFV3nOStEKUxQdQlyW51bEMqXJrKJEnJWUfRL6wlkPQvuhA68Rdi8XINnNXIQicV3l3u8q%2F9mNc6b4%2FsLDMSlxJJQMC2SmBHGFxDmQxnYP%2FFEts4mNvEhOfDSzzdPP%2FCrr9vFjMig0OBtGswiZ52H6mK9Gbtev5FnViZ2HV3dnV3lSOPvSn2YCboaeFV5Q4Yx2K%2FQ%2B1RcPUzWin0%2F7j%2FlEI1OtULfqpNnC8arkIjaD3X6%2BtlVvF8JJvQqznJlx4MfWIQuC1HJhklLH1m2vA9PHbjgSaB2K3YbND5a3X2%2BLfD48DbofVaIlfBSiLt5qS67P6pW87%2FD4SAaqfDzVzLbrQWGdhq7pkG6AdNt0k4ofMj1Zs7Jeio4%2FpuQURwMtHC%2BdGtZvRVD7Vg7jt%2Ba1OK%2FwmHKBqOgBFaqqDFW5%2FRi0dQO2DbXb0qC6BdLyHwivhN7w%2Bo2a8CbihhMES3m58AMgre6YNgJwg9K4mpffaPy9LbojCPp3QL6hkZ1bHKWY71gZ4S9QnpVvJv3b6f9%2F0P8L&RelayState=%2Fcommunity%2Fs%2Farticle%2F90708&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=ThznbsjgVwDX5E2fOcNREcaH%2FaSSD9EIp6MP3c9O9BRVFL%2BETG3n1WQKapplpISRgUkLEs2XvRpJ4%2FfEmynkr5laH4rrAIgMNL%2FauqYIGWvzbdzfp44PkOGUBkHxgo52GjhshHBPyHqJjnvzIoNyIK2zhDBQXevq9etV7wnX7SprJpHX%2B6Ivskj5wAXJzi9SiMafMvUiUFyVq9YBhzd2ZpiTyiYia%2Bdgq4Z74sUIqOyz6bn2KjCKT%2FMqeFqyYYp5JU9CnQk%2BHAH2juQU%2F8MlrGtrRRtgf6fACGMOGria0Vu1wUDwnJiSdI%2BZSzShr%2Fg6Cl9mfaKuTItwlxiqQlbx7hvHEhgg2SNqyrRnJDzpYImSeIMjgHuUy2Iaf6O6J90GdKF4%2BDkCpyXVsm%2FkZhBA6D7uo9rj8tPfE7ml6Njhm9pFZxjuicbCI%2F4Zj66aC52RlpUZwlMgS2HpXOdbILUX8H2FXnm%2FCjDHEDGv49HusCmQehes1g0LzTXXwKkC1hWOYjwWb8uxNneaR0e552R6fjRns%2B2kG04C%2B8COLbJ7v7s3WlUDGBN%2BUa%2BE5q0QNpIYmIW1daXmOx%2FXRBoBdBwWZ1b3GtaBmRiEarb4rF1DgKa9P3SdQBb1M6SvjprcyHRtai7AxnIBW1KMFWB6mETzESVSFwO5KA80co5Aau7HfhM%3D + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BlackBerry + product: Enterprise Mobility Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 2.12 and above + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://login.blackberry.com/sso/SSORedirect/metaAlias/idp?SAMLRequest=fZNdc6owEIb%2FCpN7JFIqlal2KKio%2BFGgar05EyCWKCRAgqK%2F%2FlA9zvT0ojuzF5l9s%2B9u5snzS52l0hGXnDDaA%2B0WBBKmEYsJ%2FeyB92AoP4GX%2FjNHWZobZiUS6uGiwlxIzT3KjWuhB6qSGgxxwg2KMswNERm%2BOXMNtQWNvGSCRSwFksk5LkVjZDHKqwyXPi6PJMLvntsDiRA5NxSFV3nOStEKUxQdQlyW51bEMqXJrKJEnJWUfRL6wlkPQvuhA68Rdi8XINnNXIQicV3l3u8q%2F9mNc6b4%2FsLDMSlxJJQMC2SmBHGFxDmQxnYP%2FFEts4mNvEhOfDSzzdPP%2FCrr9vFjMig0OBtGswiZ52H6mK9Gbtev5FnViZ2HV3dnV3lSOPvSn2YCboaeFV5Q4Yx2K%2FQ%2B1RcPUzWin0%2F7j%2FlEI1OtULfqpNnC8arkIjaD3X6%2BtlVvF8JJvQqznJlx4MfWIQuC1HJhklLH1m2vA9PHbjgSaB2K3YbND5a3X2%2BLfD48DbofVaIlfBSiLt5qS67P6pW87%2FD4SAaqfDzVzLbrQWGdhq7pkG6AdNt0k4ofMj1Zs7Jeio4%2FpuQURwMtHC%2BdGtZvRVD7Vg7jt%2Ba1OK%2FwmHKBqOgBFaqqDFW5%2FRi0dQO2DbXb0qC6BdLyHwivhN7w%2Bo2a8CbihhMES3m58AMgre6YNgJwg9K4mpffaPy9LbojCPp3QL6hkZ1bHKWY71gZ4S9QnpVvJv3b6f9%2F0P8L&RelayState=%2Fcommunity%2Fs%2Farticle%2F90708&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=ThznbsjgVwDX5E2fOcNREcaH%2FaSSD9EIp6MP3c9O9BRVFL%2BETG3n1WQKapplpISRgUkLEs2XvRpJ4%2FfEmynkr5laH4rrAIgMNL%2FauqYIGWvzbdzfp44PkOGUBkHxgo52GjhshHBPyHqJjnvzIoNyIK2zhDBQXevq9etV7wnX7SprJpHX%2B6Ivskj5wAXJzi9SiMafMvUiUFyVq9YBhzd2ZpiTyiYia%2Bdgq4Z74sUIqOyz6bn2KjCKT%2FMqeFqyYYp5JU9CnQk%2BHAH2juQU%2F8MlrGtrRRtgf6fACGMOGria0Vu1wUDwnJiSdI%2BZSzShr%2Fg6Cl9mfaKuTItwlxiqQlbx7hvHEhgg2SNqyrRnJDzpYImSeIMjgHuUy2Iaf6O6J90GdKF4%2BDkCpyXVsm%2FkZhBA6D7uo9rj8tPfE7ml6Njhm9pFZxjuicbCI%2F4Zj66aC52RlpUZwlMgS2HpXOdbILUX8H2FXnm%2FCjDHEDGv49HusCmQehes1g0LzTXXwKkC1hWOYjwWb8uxNneaR0e552R6fjRns%2B2kG04C%2B8COLbJ7v7s3WlUDGBN%2BUa%2BE5q0QNpIYmIW1daXmOx%2FXRBoBdBwWZ1b3GtaBmRiEarb4rF1DgKa9P3SdQBb1M6SvjprcyHRtai7AxnIBW1KMFWB6mETzESVSFwO5KA80co5Aau7HfhM%3D + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BlackBerry + product: Workspaces On-Prem Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - All + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://login.blackberry.com/sso/SSORedirect/metaAlias/idp?SAMLRequest=fZNdc6owEIb%2FCpN7JFIqlal2KKio%2BFGgar05EyCWKCRAgqK%2F%2FlA9zvT0ojuzF5l9s%2B9u5snzS52l0hGXnDDaA%2B0WBBKmEYsJ%2FeyB92AoP4GX%2FjNHWZobZiUS6uGiwlxIzT3KjWuhB6qSGgxxwg2KMswNERm%2BOXMNtQWNvGSCRSwFksk5LkVjZDHKqwyXPi6PJMLvntsDiRA5NxSFV3nOStEKUxQdQlyW51bEMqXJrKJEnJWUfRL6wlkPQvuhA68Rdi8XINnNXIQicV3l3u8q%2F9mNc6b4%2FsLDMSlxJJQMC2SmBHGFxDmQxnYP%2FFEts4mNvEhOfDSzzdPP%2FCrr9vFjMig0OBtGswiZ52H6mK9Gbtev5FnViZ2HV3dnV3lSOPvSn2YCboaeFV5Q4Yx2K%2FQ%2B1RcPUzWin0%2F7j%2FlEI1OtULfqpNnC8arkIjaD3X6%2BtlVvF8JJvQqznJlx4MfWIQuC1HJhklLH1m2vA9PHbjgSaB2K3YbND5a3X2%2BLfD48DbofVaIlfBSiLt5qS67P6pW87%2FD4SAaqfDzVzLbrQWGdhq7pkG6AdNt0k4ofMj1Zs7Jeio4%2FpuQURwMtHC%2BdGtZvRVD7Vg7jt%2Ba1OK%2FwmHKBqOgBFaqqDFW5%2FRi0dQO2DbXb0qC6BdLyHwivhN7w%2Bo2a8CbihhMES3m58AMgre6YNgJwg9K4mpffaPy9LbojCPp3QL6hkZ1bHKWY71gZ4S9QnpVvJv3b6f9%2F0P8L&RelayState=%2Fcommunity%2Fs%2Farticle%2F90708&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=ThznbsjgVwDX5E2fOcNREcaH%2FaSSD9EIp6MP3c9O9BRVFL%2BETG3n1WQKapplpISRgUkLEs2XvRpJ4%2FfEmynkr5laH4rrAIgMNL%2FauqYIGWvzbdzfp44PkOGUBkHxgo52GjhshHBPyHqJjnvzIoNyIK2zhDBQXevq9etV7wnX7SprJpHX%2B6Ivskj5wAXJzi9SiMafMvUiUFyVq9YBhzd2ZpiTyiYia%2Bdgq4Z74sUIqOyz6bn2KjCKT%2FMqeFqyYYp5JU9CnQk%2BHAH2juQU%2F8MlrGtrRRtgf6fACGMOGria0Vu1wUDwnJiSdI%2BZSzShr%2Fg6Cl9mfaKuTItwlxiqQlbx7hvHEhgg2SNqyrRnJDzpYImSeIMjgHuUy2Iaf6O6J90GdKF4%2BDkCpyXVsm%2FkZhBA6D7uo9rj8tPfE7ml6Njhm9pFZxjuicbCI%2F4Zj66aC52RlpUZwlMgS2HpXOdbILUX8H2FXnm%2FCjDHEDGv49HusCmQehes1g0LzTXXwKkC1hWOYjwWb8uxNneaR0e552R6fjRns%2B2kG04C%2B8COLbJ7v7s3WlUDGBN%2BUa%2BE5q0QNpIYmIW1daXmOx%2FXRBoBdBwWZ1b3GtaBmRiEarb4rF1DgKa9P3SdQBb1M6SvjprcyHRtai7AxnIBW1KMFWB6mETzESVSFwO5KA80co5Aau7HfhM%3D + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Blancco + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://support.blancco.com/display/NEWS/2021/12/12/CVE-2021-44228+-+Critical+vulnerability+in+Apache+Log4j+library + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Bluemind + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 3.5.x + - 4.x + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://twitter.com/bluemind/status/1470379923034578946?s=20A + notes: This advisory is available to customer only and has not been reviewed by + CISA. + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Blumira + product: All + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.blumira.com/cve-2021-44228-log4shell/ + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: 3270 SUPEROPTIMIZER/CI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: 3270 SUPEROPTIMIZER/CICS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: Application Restart Control for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: Application Restart Control for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: Application Restart Control for VSAM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: Bladelogic Database Automation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Apptune for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Backup and Recovery for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Batch Optimizer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Capacity Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Catalog Manager for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Catalog Manager for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Change Manager for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Change Manager for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Change Manager for IMS for DBCTL + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Change Manager for IMS TM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Change Manager Virtual Terminal for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Check for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Command Center for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Command Center for Security + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Console Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Copy for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Cost Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Data Packer for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Database Administration for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Database Advisor for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Database Performance for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Datastream for Ops + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Defender for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Defender for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Defender for McAfee DAM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Defender for Ops Insight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Defender for z/Linux + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Defender for z/OS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Defender for z/OS GSIP Package + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Defender TCP/IP Receiver + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Defender z/VM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI DevOps for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Energizer for IMS Connect + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Enterprise Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Extended Terminal Assist for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Fast Path Indexer for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Fast Path Online Analyzer for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Fast Path Online Image Copy for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Fast Path Online Reorg for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Fast Path Online Restructure for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Fast Path Recovery for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Fast Path Restart for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Integrity for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Large Object Management for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Load for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI LOBMaster for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Log Analyzer for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Log Master for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Message Advisor for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Online Reorg for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Automation + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Automation for Capping + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Common Rest API (CRA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops for Networks + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Infrastructure (MVI) - CRA + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Insight + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for CICS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for CMF + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for IMS Offline + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for IMS Online + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for IP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for JE + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for MQ + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for USS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for WAS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor for z/OS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops Monitor SYSPROG Services + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Ops UI + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Partitioned Database Facility for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Pointer Checker for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Pool Advisor for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Recover for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Recovery for VSAM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Recovery Manager for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Reorg for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Reorg for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Security Administrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Security Policy Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Security Privileged Access Manager (BMC AMI Security Breakglass) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Security Self Service Password Reset + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI SQL Explorer for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI SQL Performance for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Stats for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Storage + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Unload for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Utility Mangement for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Utility Mangemer for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC AMI Utlities for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Application Accelerator for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Check Plus for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Client Gateway (Kaazing) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Client Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Abend-Aid + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Application Audit + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware DevEnterprise + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Enterprise Common Components (ECC) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Enterprise Services (CES) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware File-AID Data Privacy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware File-AID Data Solutions + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware File-AID for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware File-AID for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware File-AID/MVS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware File-AID/RDX + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Hiperstation ALL Product Offerings + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware ISPW + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware iStrobe + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Program Analyzer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Storage Backup and Recovery + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Storage Migration + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Storage Performance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Strobe + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware ThruPut Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Topaz Connect (including NXPromote) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Topaz Enterprise Data + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Topaz for Java Performance + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Topaz for Total Test + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Topaz Program Analysis + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Topaz Workbench + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Topaz Xpediter/CICS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Topaz Xpediter/Code Coverage + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Topaz Xpediter/TSO and IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Topaz Xpediter/Xchange + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Compuware Topaz zAdviser + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC COPE for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC DASD Manger for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Database Recovery Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Db2 Plus Utilities + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Defender Agent Configuration Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Defender Agent for SAP + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Defender Agent for Unix/Linux + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Defender Agent for Windows + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Defender App for Splunk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Defender SIEM Correlation Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Defender SIEM for Motorola + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Defender SIEM for NNT + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Defender SyslogDefender + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Defender Windows Agent for Splunk + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Digital Workplace Advanced (DWPA) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Digital Workplace Basic (DWP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Digital Workplace Catalog (DWPC) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Discovery + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Discovery for z/OS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix Business Workflows + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix Continuous Optimization (REE) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix Continuous Optimization - Agents + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix Data Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix Discovery + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix Discovery Outpost + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix ITSM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 21.x and below + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix ITSM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - 21.x + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix Knowledge Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Helix Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC License Usage Collection Utility + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC LOADPLUS for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC MainView Explorer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC MainView Middleware Administrator + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC MainView Middleware Monitor + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC MainView Transaction Analyzer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC MainView Vistapoint & Energizer + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC MAXM Reorg for IMS with Online/Defrag Feature + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC MAXM Reorg/EP for IMS + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC MAXM Reorg/EP for IMS with Online/Defrag Feature + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Next Generation Logger (NGL) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Opertune for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC PATROL Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC PATROL Agent (TSOM & BHOM) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC PATROL for Linux KM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC PATROL for Sybase + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC PATROL Knowledge Modules - PATROL KM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: Except Sybase and Linux + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Plus Utilities + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Remedy AR System + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Remedy CMDB + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Remedy ITSM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Remedy Mid-Tier + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Remedy SLM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Remedy Smart Reporting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Remedy SmartIT + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Remedy SRM + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Reorg Plus for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC RSSO Agent + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC RSSO Auth Proxy + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC RSSO DataTransfer Tool + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC RSSO Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Runtime Component System (RTCS) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC TrueSight Automation Console + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC TrueSight Automation for Networks + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC TrueSight Automation for Servers - Data Wharehouse + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC TrueSight Capacity Optimization + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC TrueSight Capacity Optimization - Agents + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC TrueSight Operations Management - App Visibility Manager + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC TrueSight Operations Management - Infrastructure Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC TrueSight Operations Management - IT Data Analytics + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC TrueSight Operations Management - Presenttion Server + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC TrueSight Operations Management Reporting + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC TrueSight Orchestration + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC TrueSight Server Automation + cves: cve-2021-4104: investigated: false affected_versions: [] @@ -13834,7 +24804,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - Unknown + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -13847,13 +24817,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: BeyondTrust - product: Privilege Management Reporting in BeyondInsight + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC TrueSight Smart Reporting cves: cve-2021-4104: investigated: false @@ -13864,7 +24834,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '21.2' + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -13877,13 +24847,73 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: BeyondTrust - product: Secure Remote Access appliances + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC TrueSight Smart Reporting Platform + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC TrueSight Vulnerability Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC TSCO for Mainframes cves: cve-2021-4104: investigated: false @@ -13895,7 +24925,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - Unknown + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13907,13 +24937,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2021-12-17T00:00:00' - - vendor: BeyondTrust Bomgar - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Unload Plus for Db2 cves: cve-2021-4104: investigated: false @@ -13921,10 +24951,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC User Interface Middleware (UIM) + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13936,13 +24997,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BioMerieux - product: '' + - vendor: BMC + product: Change Accumulation Plus cves: cve-2021-4104: investigated: false @@ -13950,10 +25011,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: Concurrent Reorg Facility + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -13965,13 +25057,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.biomerieux.com/en/cybersecurity-data-privacy + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' - last_updated: '2021-12-22T00:00:00' - - vendor: BisectHosting - product: '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: Conditional Image Copy cves: cve-2021-4104: investigated: false @@ -13979,10 +25071,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: Control-M + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -13994,13 +25117,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.bisecthosting.com/clients/index.php?rp=/knowledgebase/205/Java-Log4j-Vulnerability.html + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BitDefender - product: '' + - vendor: BMC + product: DASD Manager Plus for Db2 cves: cve-2021-4104: investigated: false @@ -14008,10 +25131,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: Data Accelerator Compression + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14023,13 +25177,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BitNami By VMware - product: '' + - vendor: BMC + product: Delta IMS DB/DC cves: cve-2021-4104: investigated: false @@ -14037,10 +25191,41 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: Delta IMS Virtual Terminal + cves: + cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14052,13 +25237,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://docs.bitnami.com/general/security/security-2021-12-10/ + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BitRise - product: '' + - vendor: BMC + product: ExceptionReporter cves: cve-2021-4104: investigated: false @@ -14066,10 +25251,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14081,13 +25267,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blog.bitrise.io/post/bitrises-response-to-log4j-vulnerability-cve-2021-44228 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Bitwarden - product: '' + - vendor: BMC + product: Extended Buffer Manager cves: cve-2021-4104: investigated: false @@ -14095,10 +25281,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14110,13 +25297,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bitwarden.com/t/log4j-log4shell-cve-is-bitwarden-affected-due-to-docker-image/36177/2 + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Biztory - product: Fivetran + - vendor: BMC + product: Fast Path Analyzer/EP cves: cve-2021-4104: investigated: false @@ -14124,10 +25311,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14139,13 +25327,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.biztory.com/blog/apache-log4j2-vulnerability + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - - Vendor review indicated Fivetran is not vulnerable to Log4j2 + - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Black Kite - product: '' + - vendor: BMC + product: Fast Path Facility cves: cve-2021-4104: investigated: false @@ -14153,10 +25341,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14168,13 +25357,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://blackkite.com/log4j-rce-vulnerability-log4shell-puts-millions-at-risk/ + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Blancco - product: '' + - vendor: BMC + product: Fast Path Facility/EP cves: cve-2021-4104: investigated: false @@ -14182,10 +25371,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14197,13 +25387,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.blancco.com/display/NEWS/2021/12/12/CVE-2021-44228+-+Critical+vulnerability+in+Apache+Log4j+library + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Blumira - product: '' + - vendor: BMC + product: Fast Path Reorg/EP cves: cve-2021-4104: investigated: false @@ -14211,10 +25401,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14226,13 +25417,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://www.blumira.com/cve-2021-44228-log4shell/ + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Bladelogic Database Automation + product: FASTCOPY cves: cve-2021-4104: investigated: false @@ -14240,10 +25431,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14261,7 +25453,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Ops + product: FASTCPK cves: cve-2021-4104: investigated: false @@ -14269,10 +25461,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14290,7 +25483,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Products + product: FDR cves: cve-2021-4104: investigated: false @@ -14298,10 +25491,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14319,7 +25513,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Compuware + product: FDR/UPSTREAM cves: cve-2021-4104: investigated: false @@ -14327,10 +25521,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14348,7 +25543,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Automation Console + product: FDRABR cves: cve-2021-4104: investigated: false @@ -14356,10 +25551,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14377,7 +25573,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Business Workflows + product: FDRERASE cves: cve-2021-4104: investigated: false @@ -14385,10 +25581,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14406,7 +25603,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Client Management + product: FDRMOVE cves: cve-2021-4104: investigated: false @@ -14414,10 +25611,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14435,7 +25633,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Cloud Cost + product: FDRPAS cves: cve-2021-4104: investigated: false @@ -14443,10 +25641,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14464,7 +25663,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Cloud Security + product: FDRPASVM cves: cve-2021-4104: investigated: false @@ -14472,10 +25671,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14493,7 +25693,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix CMDB + product: FDRREORG cves: cve-2021-4104: investigated: false @@ -14501,10 +25701,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14522,7 +25723,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Continuous Optimization + product: Footprints cves: cve-2021-4104: investigated: false @@ -14530,10 +25731,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14551,7 +25753,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Control-M + product: IAM cves: cve-2021-4104: investigated: false @@ -14559,10 +25761,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14580,7 +25783,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Digital Workplace + product: Image Copy Plus cves: cve-2021-4104: investigated: false @@ -14588,10 +25791,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14609,7 +25813,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Discovery + product: LOADPLUS for IMS cves: cve-2021-4104: investigated: false @@ -14617,10 +25821,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14638,7 +25843,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix ITSM + product: LOADPLUS/EP for IMS cves: cve-2021-4104: investigated: false @@ -14646,10 +25851,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14667,7 +25873,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Knowledge Management + product: Local Copy Plus cves: cve-2021-4104: investigated: false @@ -14675,10 +25881,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14696,7 +25903,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Operations Management with AIOps + product: Partner KMs Hardware Sentry Open Telemetry Collector cves: cve-2021-4104: investigated: false @@ -14704,9 +25911,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -14725,7 +25933,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Platform + product: Partner KMs Storage All-in-One ETL for BMC Truesight Capacity Optimization cves: cve-2021-4104: investigated: false @@ -14733,9 +25941,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -14754,7 +25963,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix platform + product: Partner KMs Storage Analyzer for PATROL cves: cve-2021-4104: investigated: false @@ -14762,9 +25971,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] - fixed_versions: [] + fixed_versions: + - '' unaffected_versions: [] cve-2021-45046: investigated: false @@ -14783,7 +25993,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Remediate + product: Prefix Resolution Plus cves: cve-2021-4104: investigated: false @@ -14791,10 +26001,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14812,7 +26023,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Remediate + product: Prefix Update for IMS cves: cve-2021-4104: investigated: false @@ -14820,10 +26031,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14841,7 +26053,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Remedyforce + product: Recovery Advisor for IMS cves: cve-2021-4104: investigated: false @@ -14849,10 +26061,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14870,7 +26083,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Helix Virtual Agent + product: Recovery Manager for IMS cves: cve-2021-4104: investigated: false @@ -14878,10 +26091,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14899,7 +26113,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Cloud Lifecycle Management + product: Recovery Plus for IMS cves: cve-2021-4104: investigated: false @@ -14907,10 +26121,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14928,7 +26143,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Control-M + product: Release Package and Deployment cves: cve-2021-4104: investigated: false @@ -14936,10 +26151,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14957,7 +26173,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Footprints + product: Release Process Management cves: cve-2021-4104: investigated: false @@ -14965,10 +26181,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -14986,7 +26203,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: MainView Middleware Administrator + product: Resident Security Server cves: cve-2021-4104: investigated: false @@ -14994,10 +26211,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -15015,7 +26233,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: MainView Middleware Monitor + product: Secondary Index Utility cves: cve-2021-4104: investigated: false @@ -15023,10 +26241,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -15044,7 +26263,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Remedy ITSM (IT Service Management) + product: Secondary Index Utility/EP cves: cve-2021-4104: investigated: false @@ -15052,10 +26271,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -15073,7 +26293,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: SmartIT + product: Snapshot Upgrade Feature cves: cve-2021-4104: investigated: false @@ -15081,10 +26301,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -15110,10 +26331,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -15131,7 +26353,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: TrueSight Automation for Networks + product: ULTRAOPT/CICS cves: cve-2021-4104: investigated: false @@ -15139,10 +26361,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -15160,7 +26383,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: TrueSight Automation for Servers + product: ULTRAOPT/IMS cves: cve-2021-4104: investigated: false @@ -15168,10 +26391,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -15189,7 +26413,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: TrueSight Capacity Optimization + product: UNLOAD PLUS for IMS cves: cve-2021-4104: investigated: false @@ -15197,10 +26421,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -15218,7 +26443,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: TrueSight Infrastructure Management + product: UNLOAD PLUS/EP for IMS cves: cve-2021-4104: investigated: false @@ -15226,10 +26451,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -15247,7 +26473,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: TrueSight Operations Management + product: UXF for IMS (non product) cves: cve-2021-4104: investigated: false @@ -15255,10 +26481,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] @@ -15276,7 +26503,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: TrueSight Orchestration + product: zDetect cves: cve-2021-4104: investigated: false @@ -15284,10 +26511,11 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - '' cve-2021-45046: investigated: false affected_versions: [] diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index 0094764..3ee52c8 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -313,7 +313,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.8 - 1.9.4.1' + - 1.8 - 1.9.4.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -402,7 +402,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '4.18.0 onwards' + - 4.18.0 onwards unaffected_versions: [] cve-2021-45046: investigated: false @@ -600,8 +600,8 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: BBraun - product: Space Infusion Pump family (Infusomat Space Infusion Pump, Perfusor - Space Infusion + product: Space Infusion Pump family (Infusomat Space Infusion Pump, Perfusor Space + Infusion cves: cve-2021-4104: investigated: false @@ -656,7 +656,8 @@ software: unaffected_versions: [] vendor_links: - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2021-12-20T00:00:00' @@ -686,7 +687,8 @@ software: unaffected_versions: [] vendor_links: - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2021-12-20T00:00:00' @@ -702,7 +704,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '2.10.210' + - 2.10.210 unaffected_versions: [] cve-2021-45046: investigated: false @@ -716,7 +718,8 @@ software: unaffected_versions: [] vendor_links: - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2021-12-20T00:00:00' @@ -746,7 +749,8 @@ software: unaffected_versions: [] vendor_links: - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2021-12-20T00:00:00' @@ -776,7 +780,8 @@ software: unaffected_versions: [] vendor_links: - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2021-12-20T00:00:00' @@ -792,7 +797,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.125.3' + - 1.125.3 unaffected_versions: [] cve-2021-45046: investigated: false @@ -806,7 +811,8 @@ software: unaffected_versions: [] vendor_links: - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2021-12-20T00:00:00' @@ -2011,7 +2017,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD FACSAria Fusion + product: BD FACS Lyse Wash Assistant cves: cve-2021-4104: investigated: false @@ -2041,7 +2047,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD FACSAria II + product: BD FACS Sample Prep Assistant (SPA) III cves: cve-2021-4104: investigated: false @@ -2071,7 +2077,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD FACSAria III + product: BD FACS Workflow Manager cves: cve-2021-4104: investigated: false @@ -2101,7 +2107,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD FACSCalibur + product: BD FACSAria Fusion cves: cve-2021-4104: investigated: false @@ -2131,7 +2137,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD FACSCanto 10-color + product: BD FACSAria II cves: cve-2021-4104: investigated: false @@ -2161,7 +2167,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD FACSCanto 10-color clinical + product: BD FACSAria III cves: cve-2021-4104: investigated: false @@ -2191,7 +2197,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD FACSCanto II (w Diva 9.0) + product: BD FACSCalibur cves: cve-2021-4104: investigated: false @@ -2221,7 +2227,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD FACSCanto II clinical + product: BD FACSCanto 10-color cves: cve-2021-4104: investigated: false @@ -2251,7 +2257,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD FACSCelesta + product: BD FACSCanto 10-color clinical cves: cve-2021-4104: investigated: false @@ -2281,7 +2287,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD FACSCount + product: BD FACSCanto II (w Diva 9.0) cves: cve-2021-4104: investigated: false @@ -2311,7 +2317,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD FACSDuet + product: BD FACSCanto II clinical cves: cve-2021-4104: investigated: false @@ -2341,7 +2347,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD FACSLink + product: BD FACSCelesta cves: cve-2021-4104: investigated: false @@ -2371,7 +2377,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD FACSLyric + product: BD FACSCount cves: cve-2021-4104: investigated: false @@ -2401,7 +2407,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD FACSMelody + product: BD FACSDuet cves: cve-2021-4104: investigated: false @@ -2431,7 +2437,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD FACSPresto + product: BD FACSLink cves: cve-2021-4104: investigated: false @@ -2461,7 +2467,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD FACSVerse + product: BD FACSLyric cves: cve-2021-4104: investigated: false @@ -2491,7 +2497,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD FACSVia + product: BD FACSMelody cves: cve-2021-4104: investigated: false @@ -2521,7 +2527,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD FACSymphony A1 + product: BD FACSPresto cves: cve-2021-4104: investigated: false @@ -2551,7 +2557,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD FACSymphony A3 + product: BD FACSVerse cves: cve-2021-4104: investigated: false @@ -2581,7 +2587,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD FACSymphony A5 + product: BD FACSVia cves: cve-2021-4104: investigated: false @@ -2611,7 +2617,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD FACSymphony S6 + product: BD FACSymphony A1 cves: cve-2021-4104: investigated: false @@ -2641,7 +2647,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD FACS Lyse Wash Assistant + product: BD FACSymphony A3 cves: cve-2021-4104: investigated: false @@ -2671,7 +2677,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD FACS Sample Prep Assistant (SPA) III + product: BD FACSymphony A5 cves: cve-2021-4104: investigated: false @@ -2701,7 +2707,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD FACS Workflow Manager + product: BD FACSymphony S6 cves: cve-2021-4104: investigated: false @@ -2971,7 +2977,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD Intelliport Medication Management System + product: BD Intelliport cves: cve-2021-4104: investigated: false @@ -3001,7 +3007,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD Inventory Connect + product: BD Intelliport Medication Management System cves: cve-2021-4104: investigated: false @@ -3031,7 +3037,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD Intelliport + product: BD Inventory Connect cves: cve-2021-4104: investigated: false @@ -4081,7 +4087,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD Rowa Dose (Windows 7 Workstations only) + product: BD Rowa Dose (Windows 10 platform) cves: cve-2021-4104: investigated: false @@ -4111,7 +4117,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: BD Rowa Dose (Windows 10 platform) + product: BD Rowa Dose (Windows 7 Workstations only) cves: cve-2021-4104: investigated: false @@ -7385,7 +7391,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7801,7 +7807,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - 'All' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -7889,7 +7895,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -7903,7 +7909,8 @@ software: unaffected_versions: [] vendor_links: - https://login.blackberry.com/sso/SSORedirect/metaAlias/idp?SAMLRequest=fZNdc6owEIb%2FCpN7JFIqlal2KKio%2BFGgar05EyCWKCRAgqK%2F%2FlA9zvT0ojuzF5l9s%2B9u5snzS52l0hGXnDDaA%2B0WBBKmEYsJ%2FeyB92AoP4GX%2FjNHWZobZiUS6uGiwlxIzT3KjWuhB6qSGgxxwg2KMswNERm%2BOXMNtQWNvGSCRSwFksk5LkVjZDHKqwyXPi6PJMLvntsDiRA5NxSFV3nOStEKUxQdQlyW51bEMqXJrKJEnJWUfRL6wlkPQvuhA68Rdi8XINnNXIQicV3l3u8q%2F9mNc6b4%2FsLDMSlxJJQMC2SmBHGFxDmQxnYP%2FFEts4mNvEhOfDSzzdPP%2FCrr9vFjMig0OBtGswiZ52H6mK9Gbtev5FnViZ2HV3dnV3lSOPvSn2YCboaeFV5Q4Yx2K%2FQ%2B1RcPUzWin0%2F7j%2FlEI1OtULfqpNnC8arkIjaD3X6%2BtlVvF8JJvQqznJlx4MfWIQuC1HJhklLH1m2vA9PHbjgSaB2K3YbND5a3X2%2BLfD48DbofVaIlfBSiLt5qS67P6pW87%2FD4SAaqfDzVzLbrQWGdhq7pkG6AdNt0k4ofMj1Zs7Jeio4%2FpuQURwMtHC%2BdGtZvRVD7Vg7jt%2Ba1OK%2FwmHKBqOgBFaqqDFW5%2FRi0dQO2DbXb0qC6BdLyHwivhN7w%2Bo2a8CbihhMES3m58AMgre6YNgJwg9K4mpffaPy9LbojCPp3QL6hkZ1bHKWY71gZ4S9QnpVvJv3b6f9%2F0P8L&RelayState=%2Fcommunity%2Fs%2Farticle%2F90708&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=ThznbsjgVwDX5E2fOcNREcaH%2FaSSD9EIp6MP3c9O9BRVFL%2BETG3n1WQKapplpISRgUkLEs2XvRpJ4%2FfEmynkr5laH4rrAIgMNL%2FauqYIGWvzbdzfp44PkOGUBkHxgo52GjhshHBPyHqJjnvzIoNyIK2zhDBQXevq9etV7wnX7SprJpHX%2B6Ivskj5wAXJzi9SiMafMvUiUFyVq9YBhzd2ZpiTyiYia%2Bdgq4Z74sUIqOyz6bn2KjCKT%2FMqeFqyYYp5JU9CnQk%2BHAH2juQU%2F8MlrGtrRRtgf6fACGMOGria0Vu1wUDwnJiSdI%2BZSzShr%2Fg6Cl9mfaKuTItwlxiqQlbx7hvHEhgg2SNqyrRnJDzpYImSeIMjgHuUy2Iaf6O6J90GdKF4%2BDkCpyXVsm%2FkZhBA6D7uo9rj8tPfE7ml6Njhm9pFZxjuicbCI%2F4Zj66aC52RlpUZwlMgS2HpXOdbILUX8H2FXnm%2FCjDHEDGv49HusCmQehes1g0LzTXXwKkC1hWOYjwWb8uxNneaR0e552R6fjRns%2B2kG04C%2B8COLbJ7v7s3WlUDGBN%2BUa%2BE5q0QNpIYmIW1daXmOx%2FXRBoBdBwWZ1b3GtaBmRiEarb4rF1DgKa9P3SdQBb1M6SvjprcyHRtai7AxnIBW1KMFWB6mETzESVSFwO5KA80co5Aau7HfhM%3D - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -7919,7 +7926,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '2.12 and above' + - 2.12 and above unaffected_versions: [] cve-2021-45046: investigated: false @@ -7933,7 +7940,8 @@ software: unaffected_versions: [] vendor_links: - https://login.blackberry.com/sso/SSORedirect/metaAlias/idp?SAMLRequest=fZNdc6owEIb%2FCpN7JFIqlal2KKio%2BFGgar05EyCWKCRAgqK%2F%2FlA9zvT0ojuzF5l9s%2B9u5snzS52l0hGXnDDaA%2B0WBBKmEYsJ%2FeyB92AoP4GX%2FjNHWZobZiUS6uGiwlxIzT3KjWuhB6qSGgxxwg2KMswNERm%2BOXMNtQWNvGSCRSwFksk5LkVjZDHKqwyXPi6PJMLvntsDiRA5NxSFV3nOStEKUxQdQlyW51bEMqXJrKJEnJWUfRL6wlkPQvuhA68Rdi8XINnNXIQicV3l3u8q%2F9mNc6b4%2FsLDMSlxJJQMC2SmBHGFxDmQxnYP%2FFEts4mNvEhOfDSzzdPP%2FCrr9vFjMig0OBtGswiZ52H6mK9Gbtev5FnViZ2HV3dnV3lSOPvSn2YCboaeFV5Q4Yx2K%2FQ%2B1RcPUzWin0%2F7j%2FlEI1OtULfqpNnC8arkIjaD3X6%2BtlVvF8JJvQqznJlx4MfWIQuC1HJhklLH1m2vA9PHbjgSaB2K3YbND5a3X2%2BLfD48DbofVaIlfBSiLt5qS67P6pW87%2FD4SAaqfDzVzLbrQWGdhq7pkG6AdNt0k4ofMj1Zs7Jeio4%2FpuQURwMtHC%2BdGtZvRVD7Vg7jt%2Ba1OK%2FwmHKBqOgBFaqqDFW5%2FRi0dQO2DbXb0qC6BdLyHwivhN7w%2Bo2a8CbihhMES3m58AMgre6YNgJwg9K4mpffaPy9LbojCPp3QL6hkZ1bHKWY71gZ4S9QnpVvJv3b6f9%2F0P8L&RelayState=%2Fcommunity%2Fs%2Farticle%2F90708&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=ThznbsjgVwDX5E2fOcNREcaH%2FaSSD9EIp6MP3c9O9BRVFL%2BETG3n1WQKapplpISRgUkLEs2XvRpJ4%2FfEmynkr5laH4rrAIgMNL%2FauqYIGWvzbdzfp44PkOGUBkHxgo52GjhshHBPyHqJjnvzIoNyIK2zhDBQXevq9etV7wnX7SprJpHX%2B6Ivskj5wAXJzi9SiMafMvUiUFyVq9YBhzd2ZpiTyiYia%2Bdgq4Z74sUIqOyz6bn2KjCKT%2FMqeFqyYYp5JU9CnQk%2BHAH2juQU%2F8MlrGtrRRtgf6fACGMOGria0Vu1wUDwnJiSdI%2BZSzShr%2Fg6Cl9mfaKuTItwlxiqQlbx7hvHEhgg2SNqyrRnJDzpYImSeIMjgHuUy2Iaf6O6J90GdKF4%2BDkCpyXVsm%2FkZhBA6D7uo9rj8tPfE7ml6Njhm9pFZxjuicbCI%2F4Zj66aC52RlpUZwlMgS2HpXOdbILUX8H2FXnm%2FCjDHEDGv49HusCmQehes1g0LzTXXwKkC1hWOYjwWb8uxNneaR0e552R6fjRns%2B2kG04C%2B8COLbJ7v7s3WlUDGBN%2BUa%2BE5q0QNpIYmIW1daXmOx%2FXRBoBdBwWZ1b3GtaBmRiEarb4rF1DgKa9P3SdQBb1M6SvjprcyHRtai7AxnIBW1KMFWB6mETzESVSFwO5KA80co5Aau7HfhM%3D - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -7949,7 +7957,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 'All' + - All unaffected_versions: [] cve-2021-45046: investigated: false @@ -7963,7 +7971,8 @@ software: unaffected_versions: [] vendor_links: - https://login.blackberry.com/sso/SSORedirect/metaAlias/idp?SAMLRequest=fZNdc6owEIb%2FCpN7JFIqlal2KKio%2BFGgar05EyCWKCRAgqK%2F%2FlA9zvT0ojuzF5l9s%2B9u5snzS52l0hGXnDDaA%2B0WBBKmEYsJ%2FeyB92AoP4GX%2FjNHWZobZiUS6uGiwlxIzT3KjWuhB6qSGgxxwg2KMswNERm%2BOXMNtQWNvGSCRSwFksk5LkVjZDHKqwyXPi6PJMLvntsDiRA5NxSFV3nOStEKUxQdQlyW51bEMqXJrKJEnJWUfRL6wlkPQvuhA68Rdi8XINnNXIQicV3l3u8q%2F9mNc6b4%2FsLDMSlxJJQMC2SmBHGFxDmQxnYP%2FFEts4mNvEhOfDSzzdPP%2FCrr9vFjMig0OBtGswiZ52H6mK9Gbtev5FnViZ2HV3dnV3lSOPvSn2YCboaeFV5Q4Yx2K%2FQ%2B1RcPUzWin0%2F7j%2FlEI1OtULfqpNnC8arkIjaD3X6%2BtlVvF8JJvQqznJlx4MfWIQuC1HJhklLH1m2vA9PHbjgSaB2K3YbND5a3X2%2BLfD48DbofVaIlfBSiLt5qS67P6pW87%2FD4SAaqfDzVzLbrQWGdhq7pkG6AdNt0k4ofMj1Zs7Jeio4%2FpuQURwMtHC%2BdGtZvRVD7Vg7jt%2Ba1OK%2FwmHKBqOgBFaqqDFW5%2FRi0dQO2DbXb0qC6BdLyHwivhN7w%2Bo2a8CbihhMES3m58AMgre6YNgJwg9K4mpffaPy9LbojCPp3QL6hkZ1bHKWY71gZ4S9QnpVvJv3b6f9%2F0P8L&RelayState=%2Fcommunity%2Fs%2Farticle%2F90708&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=ThznbsjgVwDX5E2fOcNREcaH%2FaSSD9EIp6MP3c9O9BRVFL%2BETG3n1WQKapplpISRgUkLEs2XvRpJ4%2FfEmynkr5laH4rrAIgMNL%2FauqYIGWvzbdzfp44PkOGUBkHxgo52GjhshHBPyHqJjnvzIoNyIK2zhDBQXevq9etV7wnX7SprJpHX%2B6Ivskj5wAXJzi9SiMafMvUiUFyVq9YBhzd2ZpiTyiYia%2Bdgq4Z74sUIqOyz6bn2KjCKT%2FMqeFqyYYp5JU9CnQk%2BHAH2juQU%2F8MlrGtrRRtgf6fACGMOGria0Vu1wUDwnJiSdI%2BZSzShr%2Fg6Cl9mfaKuTItwlxiqQlbx7hvHEhgg2SNqyrRnJDzpYImSeIMjgHuUy2Iaf6O6J90GdKF4%2BDkCpyXVsm%2FkZhBA6D7uo9rj8tPfE7ml6Njhm9pFZxjuicbCI%2F4Zj66aC52RlpUZwlMgS2HpXOdbILUX8H2FXnm%2FCjDHEDGv49HusCmQehes1g0LzTXXwKkC1hWOYjwWb8uxNneaR0e552R6fjRns%2B2kG04C%2B8COLbJ7v7s3WlUDGBN%2BUa%2BE5q0QNpIYmIW1daXmOx%2FXRBoBdBwWZ1b3GtaBmRiEarb4rF1DgKa9P3SdQBb1M6SvjprcyHRtai7AxnIBW1KMFWB6mETzESVSFwO5KA80co5Aau7HfhM%3D - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -8009,8 +8018,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '3.5.x' - - '4.x' + - 3.5.x + - 4.x cve-2021-45046: investigated: false affected_versions: [] @@ -8023,7 +8032,8 @@ software: unaffected_versions: [] vendor_links: - https://twitter.com/bluemind/status/1470379923034578946?s=20A - notes: This advisory is available to customer only and has not been reviewed by CISA. + notes: This advisory is available to customer only and has not been reviewed by + CISA. references: - '' last_updated: '2022-01-12T07:18:50+00:00' @@ -8236,36 +8246,6 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Application Accelerator for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC product: BMC AMI Apptune for Db2 cves: @@ -8867,7 +8847,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Integrity for IMS + product: BMC AMI Database Performance for Db2 cves: cve-2021-4104: investigated: false @@ -8897,7 +8877,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Database Performance for Db2 + product: BMC AMI Datastream for Ops cves: cve-2021-4104: investigated: false @@ -8927,7 +8907,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Datastream for Ops + product: BMC AMI Defender for Db2 cves: cve-2021-4104: investigated: false @@ -8957,7 +8937,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Defender for Db2 + product: BMC AMI Defender for IMS cves: cve-2021-4104: investigated: false @@ -8987,7 +8967,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Defender for IMS + product: BMC AMI Defender for McAfee DAM cves: cve-2021-4104: investigated: false @@ -9017,7 +8997,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Defender for McAfee DAM + product: BMC AMI Defender for Ops Insight cves: cve-2021-4104: investigated: false @@ -9047,7 +9027,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Defender for Ops Insight + product: BMC AMI Defender for z/Linux cves: cve-2021-4104: investigated: false @@ -9077,7 +9057,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Defender for z/Linux + product: BMC AMI Defender for z/OS cves: cve-2021-4104: investigated: false @@ -9107,7 +9087,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Defender for z/OS + product: BMC AMI Defender for z/OS GSIP Package cves: cve-2021-4104: investigated: false @@ -9137,7 +9117,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Defender for z/OS GSIP Package + product: BMC AMI Defender TCP/IP Receiver cves: cve-2021-4104: investigated: false @@ -9197,7 +9177,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Defender TCP/IP Receiver + product: BMC AMI DevOps for Db2 cves: cve-2021-4104: investigated: false @@ -9227,7 +9207,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI DevOps for Db2 + product: BMC AMI Energizer for IMS Connect cves: cve-2021-4104: investigated: false @@ -9257,7 +9237,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Energizer for IMS Connect + product: BMC AMI Enterprise Connector cves: cve-2021-4104: investigated: false @@ -9287,7 +9267,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Enterprise Connector + product: BMC AMI Extended Terminal Assist for IMS cves: cve-2021-4104: investigated: false @@ -9317,7 +9297,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Extended Terminal Assist for IMS + product: BMC AMI Fast Path Indexer for IMS cves: cve-2021-4104: investigated: false @@ -9347,7 +9327,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Fast Path Indexer for IMS + product: BMC AMI Fast Path Online Analyzer for IMS cves: cve-2021-4104: investigated: false @@ -9377,7 +9357,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Fast Path Online Analyzer for IMS + product: BMC AMI Fast Path Online Image Copy for IMS cves: cve-2021-4104: investigated: false @@ -9407,7 +9387,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Fast Path Online Image Copy for IMS + product: BMC AMI Fast Path Online Reorg for IMS cves: cve-2021-4104: investigated: false @@ -9437,7 +9417,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Fast Path Online Reorg for IMS + product: BMC AMI Fast Path Online Restructure for IMS cves: cve-2021-4104: investigated: false @@ -9467,7 +9447,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Fast Path Online Restructure for IMS + product: BMC AMI Fast Path Recovery for IMS cves: cve-2021-4104: investigated: false @@ -9497,7 +9477,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Fast Path Recovery for IMS + product: BMC AMI Fast Path Restart for IMS cves: cve-2021-4104: investigated: false @@ -9527,7 +9507,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Fast Path Restart for IMS + product: BMC AMI Integrity for IMS cves: cve-2021-4104: investigated: false @@ -10847,7 +10827,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Utlities for Db2 + product: BMC AMI Utility Mangement for Db2 cves: cve-2021-4104: investigated: false @@ -10877,7 +10857,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Utility Mangement for Db2 + product: BMC AMI Utility Mangemer for Db2 cves: cve-2021-4104: investigated: false @@ -10907,7 +10887,37 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC AMI Utility Mangemer for Db2 + product: BMC AMI Utlities for Db2 + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - '' + cve-2021-45046: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + notes: '' + references: + - '' + last_updated: '2022-01-12T07:18:50+00:00' + - vendor: BMC + product: BMC Application Accelerator for IMS cves: cve-2021-4104: investigated: false @@ -12377,7 +12387,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Digital Workplace Basic (DWP) + product: BMC Digital Workplace Advanced (DWPA) cves: cve-2021-4104: investigated: false @@ -12407,7 +12417,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Digital Workplace Catalog (DWPC) + product: BMC Digital Workplace Basic (DWP) cves: cve-2021-4104: investigated: false @@ -12437,7 +12447,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC Digital Workplace Advanced (DWPA) + product: BMC Digital Workplace Catalog (DWPC) cves: cve-2021-4104: investigated: false @@ -12719,7 +12729,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '21.x and below' + - 21.x and below cve-2021-45046: investigated: false affected_versions: [] @@ -12748,7 +12758,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '21.x' + - 21.x unaffected_versions: [] cve-2021-45046: investigated: false @@ -13247,7 +13257,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC PATROL for Sybase + product: BMC PATROL for Linux KM cves: cve-2021-4104: investigated: false @@ -13277,7 +13287,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: BMC PATROL for Linux KM + product: BMC PATROL for Sybase cves: cve-2021-4104: investigated: false @@ -14747,7 +14757,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: FASTCPK + product: FASTCOPY cves: cve-2021-4104: investigated: false @@ -14777,7 +14787,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: FASTCOPY + product: FASTCPK cves: cve-2021-4104: investigated: false @@ -15467,7 +15477,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Release Process Management + product: Release Package and Deployment cves: cve-2021-4104: investigated: false @@ -15497,7 +15507,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Release Package and Deployment + product: Release Process Management cves: cve-2021-4104: investigated: false From 5611ab59074b64389c4aafaff141e4312d3970c0 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 16 Feb 2022 07:28:29 -0500 Subject: [PATCH 258/268] Update B products --- data/cisagov_B.yml | 12316 +++---------------------------------------- 1 file changed, 665 insertions(+), 11651 deletions(-) diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index 3ee52c8..382dcb6 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -313,7 +313,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 1.8 - 1.9.4.1 + - '1.8 - 1.9.4.1' unaffected_versions: [] cve-2021-45046: investigated: false @@ -402,7 +402,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - 4.18.0 onwards + - '4.18.0 onwards' unaffected_versions: [] cve-2021-45046: investigated: false @@ -450,7 +450,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BBraun - product: APEX Compounder + product: APEX® Compounder cves: cve-2021-4104: investigated: false @@ -480,7 +480,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: BBraun - product: DoseTrac Server, DoseLink Server, and Space® Online Suite Server software + product: DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software cves: cve-2021-4104: investigated: false @@ -510,7 +510,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: BBraun - product: Outlook Safety Infusion System Pump family + product: Outlook® Safety Infusion System Pump family cves: cve-2021-4104: investigated: false @@ -540,7 +540,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: BBraun - product: Pinnacle Compounder + product: Pinnacle® Compounder cves: cve-2021-4104: investigated: false @@ -570,7 +570,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: BBraun - product: Pump, SpaceStation, and Space Wireless Battery + product: Pump, SpaceStation, and Space® Wireless Battery) cves: cve-2021-4104: investigated: false @@ -600,8 +600,8 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: BBraun - product: Space Infusion Pump family (Infusomat Space Infusion Pump, Perfusor Space - Infusion + product: Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® + Space® Infusion cves: cve-2021-4104: investigated: false @@ -630,8 +630,8 @@ software: references: - '' last_updated: '2022-01-31T00:00:00' - - vendor: BCT - product: BerichtenCentrale (BCE) & Integrations + - vendor: BD + product: Arctic Sun™ Analytics cves: cve-2021-4104: investigated: false @@ -639,11 +639,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -655,14 +654,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 - notes: This advisory is available to customer only and has not been reviewed by - CISA. + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: BCT - product: CORSA + - vendor: BD + product: BD Diabetes Care App Cloud cves: cve-2021-4104: investigated: false @@ -670,11 +668,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -686,14 +683,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 - notes: This advisory is available to customer only and has not been reviewed by - CISA. + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: BCT - product: e-Invoice + - vendor: BD + product: BD HealthSight™ Clinical Advisor cves: cve-2021-4104: investigated: false @@ -701,10 +697,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 2.10.210 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -717,14 +712,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 - notes: This advisory is available to customer only and has not been reviewed by - CISA. + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: BCT - product: IDT + - vendor: BD + product: BD HealthSight™ Data Manager cves: cve-2021-4104: investigated: false @@ -732,11 +726,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -748,14 +741,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 - notes: This advisory is available to customer only and has not been reviewed by - CISA. + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: BCT - product: iGEN + - vendor: BD + product: BD HealthSight™ Diversion Management cves: cve-2021-4104: investigated: false @@ -763,11 +755,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -779,14 +770,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 - notes: This advisory is available to customer only and has not been reviewed by - CISA. + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: BCT - product: LIBER + - vendor: BD + product: BD HealthSight™ Infection Advisor cves: cve-2021-4104: investigated: false @@ -794,10 +784,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 1.125.3 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -810,14 +799,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 - notes: This advisory is available to customer only and has not been reviewed by - CISA. + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: Alaris CC Plus Guardrails Syringe Pump + product: BD HealthSight™ Inventory Optimization Analytics cves: cve-2021-4104: investigated: false @@ -825,11 +813,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -847,7 +834,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: Alaris CC Plus Syringe Pump + product: BD HealthSight™ Medication Safety cves: cve-2021-4104: investigated: false @@ -855,11 +842,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -877,7 +863,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: Alaris Enteral Plus Syringe Pump + product: BD Knowledge Portal for BD Pyxis™ Supply cves: cve-2021-4104: investigated: false @@ -885,11 +871,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -907,7 +892,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: Alaris Gateway Workstation + product: BD Knowledge Portal for Infusion Technologies cves: cve-2021-4104: investigated: false @@ -915,11 +900,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -937,7 +921,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: Alaris GP Plus Guardrails Volumetric Pump + product: BD Knowledge Portal for Medication Technologies cves: cve-2021-4104: investigated: false @@ -945,11 +929,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -967,7 +950,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: Alaris GP Plus Volumetric Pump + product: BD Synapsys™ Informatics Solution cves: cve-2021-4104: investigated: false @@ -975,11 +958,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -997,7 +979,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: Alaris PK Plus Syringe Pump + product: BD Veritor™ COVID At Home Solution Cloud cves: cve-2021-4104: investigated: false @@ -1005,11 +987,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1026,8 +1007,8 @@ software: references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: Alaris Technical Utility (ATU) + - vendor: Beckman Coulter + product: Access 2 (Immunoassay System) cves: cve-2021-4104: investigated: false @@ -1039,7 +1020,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1051,13 +1032,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: Alaris TiVA Syringe Pump + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ac•T 5diff (Hematology) cves: cve-2021-4104: investigated: false @@ -1069,7 +1050,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1081,13 +1062,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: Alaris VP Plus Guardrails Volumetric Pump + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ac•T Family (Hematology) cves: cve-2021-4104: investigated: false @@ -1099,7 +1080,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1111,13 +1092,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Accuri C6 Plus + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU2700 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -1129,7 +1110,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1141,13 +1122,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Action Manager + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU480 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -1159,7 +1140,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1171,13 +1152,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris Auto-ID Module Model + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU5400 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -1189,7 +1170,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1201,13 +1182,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris Communications Engine + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU5800 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -1219,7 +1200,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1231,13 +1212,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris CQI Event Reporter + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU640 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -1249,7 +1230,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1261,13 +1242,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris Guardrails Editor + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU680 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -1279,7 +1260,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1291,13 +1272,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris Infusion Central + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 1200 (Lab Automation) cves: cve-2021-4104: investigated: false @@ -1309,7 +1290,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1321,13 +1302,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris neXus CC Syringe Pump + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 1250 (Lab Automation) cves: cve-2021-4104: investigated: false @@ -1339,7 +1320,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1351,13 +1332,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris neXus Editor v5.0 + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 2500 (Lab Automation) cves: cve-2021-4104: investigated: false @@ -1369,7 +1350,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1381,13 +1362,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris neXus GP Volumetric Pump + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 2550 (Lab Automation) cves: cve-2021-4104: investigated: false @@ -1399,7 +1380,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1411,13 +1392,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris PCA Module Model 8120 + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxA 5000 (Lab Automation) cves: cve-2021-4104: investigated: false @@ -1429,7 +1410,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1441,13 +1422,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris Plus Editor + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxA 5000 Fit (Lab Automation) cves: cve-2021-4104: investigated: false @@ -1459,7 +1440,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1471,13 +1452,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris Point-of-Care Software + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 500 (Hematology) cves: cve-2021-4104: investigated: false @@ -1489,7 +1470,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1501,13 +1482,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris Point-of-Care Unit (PCU) Model 8015 + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 520 (Hematology) cves: cve-2021-4104: investigated: false @@ -1519,7 +1500,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1531,13 +1512,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris Pump Module Model 8100 + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 560 (Hematology) cves: cve-2021-4104: investigated: false @@ -1549,7 +1530,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1561,13 +1542,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris Syringe Module Model 8110 + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 600 (Hematology) cves: cve-2021-4104: investigated: false @@ -1579,7 +1560,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1591,14 +1572,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris System Mainetnance - cves: + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 690T (Hematology) + cves: cve-2021-4104: investigated: false affected_versions: [] @@ -1609,7 +1590,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1621,13 +1602,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris Systems Manager + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 800 (Hematology) cves: cve-2021-4104: investigated: false @@ -1639,7 +1620,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1651,13 +1632,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Arctic Sun Analytics + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 900 (Hematology) cves: cve-2021-4104: investigated: false @@ -1669,7 +1650,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1681,13 +1662,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD BACTEC 9050 + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH SMS (Hematology) cves: cve-2021-4104: investigated: false @@ -1699,7 +1680,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1711,13 +1692,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD BACTEC 9120 + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH SMS II (Hematology) cves: cve-2021-4104: investigated: false @@ -1729,7 +1710,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1741,13 +1722,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD BACTEC 9240 + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM Autoplak (Microbiology) cves: cve-2021-4104: investigated: false @@ -1759,7 +1740,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1771,13 +1752,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD BACTEC FX + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM WalkAway 1040 (Microbiology) cves: cve-2021-4104: investigated: false @@ -1789,7 +1770,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1801,13 +1782,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD BACTEC FX40 + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM WalkAway 1096 (Microbiology) cves: cve-2021-4104: investigated: false @@ -1819,7 +1800,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1831,13 +1812,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD BACTEC MGIT + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Command Central (Information Systems) cves: cve-2021-4104: investigated: false @@ -1847,9 +1828,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' + fixed_versions: + - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1861,13 +1842,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Customers can follow instructions to remove log4j references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Care Coordination Engine (CCE) + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Insights (Information Systems) cves: cve-2021-4104: investigated: false @@ -1877,9 +1858,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -1891,13 +1872,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Patch has been applied. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Cato + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Inventory Manager (Information Systems) cves: cve-2021-4104: investigated: false @@ -1909,7 +1890,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1921,13 +1902,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD COR + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Workflow Manager (Information Systems) cves: cve-2021-4104: investigated: false @@ -1939,7 +1920,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1951,13 +1932,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Diabetes Care App Cloud + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxU Workcell (Urinalysis) cves: cve-2021-4104: investigated: false @@ -1969,7 +1950,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -1981,13 +1962,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD EpiCenter + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxUc (Urinalysis) cves: cve-2021-4104: investigated: false @@ -1999,7 +1980,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2011,13 +1992,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACS Lyse Wash Assistant + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxUm (Urinalysis) cves: cve-2021-4104: investigated: false @@ -2029,7 +2010,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2041,13 +2022,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACS Sample Prep Assistant (SPA) III + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HighFlexX Software (Microbiology) cves: cve-2021-4104: investigated: false @@ -2059,7 +2040,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2071,13 +2052,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACS Workflow Manager + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HmX (Hematology) cves: cve-2021-4104: investigated: false @@ -2089,7 +2070,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2101,13 +2082,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSAria Fusion + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HmX AL (Hematology) cves: cve-2021-4104: investigated: false @@ -2119,7 +2100,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2131,13 +2112,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSAria II + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iChemVELOCITY (Urinalysis) cves: cve-2021-4104: investigated: false @@ -2149,7 +2130,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2161,13 +2142,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSAria III + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: IMMAGE 800 (Nephelometry) cves: cve-2021-4104: investigated: false @@ -2179,7 +2160,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2191,13 +2172,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSCalibur + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Intelligent Sample Banking ISB (Lab Automation) cves: cve-2021-4104: investigated: false @@ -2209,7 +2190,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2221,13 +2202,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSCanto 10-color + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ipaw (Lab Automation) cves: cve-2021-4104: investigated: false @@ -2239,7 +2220,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2251,13 +2232,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSCanto 10-color clinical + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iQ Workcell (Urinalysis) cves: cve-2021-4104: investigated: false @@ -2269,7 +2250,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2281,13 +2262,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSCanto II (w Diva 9.0) + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iQ200 (Urinalysis) cves: cve-2021-4104: investigated: false @@ -2299,7 +2280,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2311,13 +2292,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSCanto II clinical + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iRICELL (Urinalysis) cves: cve-2021-4104: investigated: false @@ -2329,7 +2310,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2341,13 +2322,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSCelesta + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LabPro Workstation and Database Computers Provided by Beckman Coulter + (Microbiology) cves: cve-2021-4104: investigated: false @@ -2356,10 +2338,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -2371,13 +2353,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: The only known instance of vulnerability due to Log4J is using Axeda services references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSCount + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH 500 (Hematology) cves: cve-2021-4104: investigated: false @@ -2389,7 +2371,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2401,13 +2383,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSDuet + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH Slidemaker (Hematology) cves: cve-2021-4104: investigated: false @@ -2419,7 +2401,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2431,13 +2413,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSLink + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH Slidestraine (Hematology) cves: cve-2021-4104: investigated: false @@ -2449,7 +2431,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2461,13 +2443,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSLyric + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH750 (Hematology) cves: cve-2021-4104: investigated: false @@ -2479,7 +2461,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2491,13 +2473,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSMelody + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH780 (Hematology) cves: cve-2021-4104: investigated: false @@ -2509,7 +2491,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2521,13 +2503,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSPresto + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH785 (Hematology) cves: cve-2021-4104: investigated: false @@ -2539,7 +2521,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2551,13 +2533,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSVerse + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: MicroScan autoSCAN-4 (Microbiology) cves: cve-2021-4104: investigated: false @@ -2569,7 +2551,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2581,13 +2563,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSVia + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PK7300 (Blood Bank) cves: cve-2021-4104: investigated: false @@ -2599,7 +2581,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2611,13 +2593,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSymphony A1 + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PK7400 (Blood Bank) cves: cve-2021-4104: investigated: false @@ -2629,7 +2611,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2641,13 +2623,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSymphony A3 + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Express (Lab Automation) cves: cve-2021-4104: investigated: false @@ -2659,7 +2641,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2671,13 +2653,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSymphony A5 + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Link (Lab Automation) cves: cve-2021-4104: investigated: false @@ -2689,7 +2671,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2701,13 +2683,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSymphony S6 + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Processor (Lab Automation) cves: cve-2021-4104: investigated: false @@ -2719,7 +2701,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2731,13 +2713,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HD Check System + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PROService (Information Systems) cves: cve-2021-4104: investigated: false @@ -2749,7 +2731,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2761,13 +2743,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight Clinical Advisor + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: RAP Box (Information Systems) cves: cve-2021-4104: investigated: false @@ -2779,7 +2761,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2791,13 +2773,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight Data Manager + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: REMISOL ADVANCE (Information Systems) cves: cve-2021-4104: investigated: false @@ -2809,7 +2791,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2821,13 +2803,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight Diversion Management + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Sorting Drive (Lab Automation) cves: cve-2021-4104: investigated: false @@ -2839,7 +2821,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2851,13 +2833,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight Infection Advisor + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxC 600 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -2869,7 +2851,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2881,13 +2863,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight Inventory Optimization Analytics + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxC 800 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -2899,7 +2881,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2911,13 +2893,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight Medication Safety + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxI 600 (Immunoassay System) cves: cve-2021-4104: investigated: false @@ -2929,7 +2911,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2941,13 +2923,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Intelliport + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxI 800 (Immunoassay System) cves: cve-2021-4104: investigated: false @@ -2959,7 +2941,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -2971,13 +2953,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Intelliport + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 40 plus (Microbiology) cves: cve-2021-4104: investigated: false @@ -2989,7 +2971,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -3001,13 +2983,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Intelliport Medication Management System + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 40 SI (Microbiology) cves: cve-2021-4104: investigated: false @@ -3019,7 +3001,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -3031,13 +3013,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Inventory Connect + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 96 plus (Microbiology) cves: cve-2021-4104: investigated: false @@ -3049,7 +3031,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -3061,13 +3043,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Kiestra InoquIA + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 96 SI (Microbiology) cves: cve-2021-4104: investigated: false @@ -3079,7 +3061,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -3091,13 +3073,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Kiestra InoquIA+ + last_updated: '2022-01-31T00:00:00' + - vendor: Beijer Electronics + product: acirro+ cves: cve-2021-4104: investigated: false @@ -3105,11 +3087,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3121,13 +3102,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Knowledge Portal for BD Pyxis Supply + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: BFI frequency inverters cves: cve-2021-4104: investigated: false @@ -3135,11 +3116,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3151,13 +3131,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Knowledge Portal for Infusion Technologies + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: BSD servo drives cves: cve-2021-4104: investigated: false @@ -3165,11 +3145,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -3181,13 +3160,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Knowledge Portal for Medication Technologies + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: CloudVPN cves: cve-2021-4104: investigated: false @@ -3195,10831 +3174,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD MAX - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Phoenix 100 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Phoenix AP - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Phoenix M50 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Prevue II Peripheral Vascular Access System - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Probetec - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis Anesthesia Station 4000 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis Anesthesia Station ES - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis CIISafe - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis CUBIE System - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis ES System - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis IV Prep - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis Logistics (Pyxis Pharmogistics) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis Med Link Queue & Waste - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis MedBank - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis MedStation 4000 System - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis Medstation ES - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis Order Viewer - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis ParAssist - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis PARx - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis PharmoPack - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis RapidRx - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis ReadyMed - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis SupplyStation - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis Tissue & Implant Management System - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis Track and Deliver - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD ReadyMed - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Remote Support Services (RSS) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Rhapsody Single-Cell Analysis System - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Rowa Dose (Windows 10 platform) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Rowa Dose (Windows 7 Workstations only) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Rowa Pouch Packaging Systems - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Rowa ProLog - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Rowa Smart - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Rowa Vmax - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Sensica Urine Output System - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Site~Rite 8 Ultrasound Systems - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Synapsys Informatics Solution - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Totalys DataLink - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Totalys Multiprocessor - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Totalys SlidePrep - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Veritor - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Veritor COVID At Home Solution Cloud - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Viper LT - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Viper XTR - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: CoreLite - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: EnCor Enspire Breast Biopsy System - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: EnCor Ultra Breast Biopsy System - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: FlowJo Portal - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: FlowJo Software - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: Influx - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: LSRFortessa - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: LSRFortessa X-20 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: PleurX - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: QUANTAFLO Peripheral Arterial Disease Test - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: Restock Order - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: SeqGeq Software - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: Sherlock 3CG Standalone Tip Confirmation Systems - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: Site~Rite PICC Ultrasound Systems - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: Site~Rite Prevue Plus Ultrasound Systems - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: Specimen Collection Verification - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Beckman Coulter - product: Access 2 (Immunoassay System) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Ac•T 5diff (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Ac•T Family (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AU2700 (Chemistry System) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AU480 (Chemistry System) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AU5400 (Chemistry System) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AU5800 (Chemistry System) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AU640 (Chemistry System) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AU680 (Chemistry System) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AutoMate 1200 (Lab Automation) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AutoMate 1250 (Lab Automation) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AutoMate 2500 (Lab Automation) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AutoMate 2550 (Lab Automation) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxA 5000 (Lab Automation) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxA 5000 Fit (Lab Automation) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxH 500 (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxH 520 (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxH 560 (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxH 600 (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxH 690T (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxH 800 (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxH 900 (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxH SMS (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxH SMS II (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxM Autoplak (Microbiology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxM WalkAway 1040 (Microbiology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxM WalkAway 1096 (Microbiology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxONE Command Central (Information Systems) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: Customers can follow instructions to remove log4j - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxONE Insights (Information Systems) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: Patch has been applied. - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxONE Inventory Manager (Information Systems) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxONE Workflow Manager (Information Systems) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxU Workcell (Urinalysis) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxUc (Urinalysis) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxUm (Urinalysis) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: HighFlexX Software (Microbiology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: HmX (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: HmX AL (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: iChemVELOCITY (Urinalysis) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: IMMAGE 800 (Nephelometry) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Intelligent Sample Banking ISB (Lab Automation) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Ipaw (Lab Automation) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: iQ Workcell (Urinalysis) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: iQ200 (Urinalysis) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: iRICELL (Urinalysis) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: LabPro Workstation and Database Computers Provided by Beckman Coulter - (Microbiology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - All - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: The only known instance of vulnerability due to Log4J is using Axeda services - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: LH 500 (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: LH Slidemaker (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: LH Slidestraine (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: LH750 (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: LH780 (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: LH785 (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: MicroScan autoSCAN-4 (Microbiology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: PK7300 (Blood Bank) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: PK7400 (Blood Bank) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Power Express (Lab Automation) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Power Link (Lab Automation) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Power Processor (Lab Automation) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: PROService (Information Systems) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: RAP Box (Information Systems) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: REMISOL ADVANCE (Information Systems) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Sorting Drive (Lab Automation) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Unicel DxC 600 (Chemistry System) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Unicel DxC 800 (Chemistry System) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Unicel DxI 600 (Immunoassay System) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Unicel DxI 800 (Immunoassay System) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: WalkAway 40 plus (Microbiology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: WalkAway 40 SI (Microbiology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: WalkAway 96 plus (Microbiology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: WalkAway 96 SI (Microbiology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beijer Electronics - product: acirro+ - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: BFI frequency inverters - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: BSD servo drives - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: CloudVPN - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: FnIO-G and M Distributed IO - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: iX Developer - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: Nexto modular PLC - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: Nexto Xpress compact controller - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: WARP Engineering Studio - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Belden - product: Hirschmann Networking Devices and Software Tools - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://hirschmann-support.belden.com/file.php/18672XKMWSCRYGG186719202C5BA4/Hirschmann_Statement_Log4j_Vulnerability_Dec2021.pdf - notes: Hirschmann is a brand of Belden. - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Bender - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.bender.de/en/cert - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Best Practical - product: Request Tracker (RT) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Best Practical - product: Request Tracker for Incident Response (RTIR) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BeyondTrust - product: Privilege Management Cloud - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell - notes: '' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: BeyondTrust - product: Privilege Management Reporting in BeyondInsight - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '21.2' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell - notes: '' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: BeyondTrust - product: Secure Remote Access appliances - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell - notes: '' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: BigBlueButton - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://github.com/bigbluebutton/bigbluebutton/issues/13897 - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: BioJava - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://github.com/biojava/biojava/releases/tag/biojava-6.0.4 - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: BioMerieux - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.biomerieux.com/en/cybersecurity-data-privacy - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: BisectHosting - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.bisecthosting.com/clients/index.php?rp=/knowledgebase/205/Java-Log4j-Vulnerability.html - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BitDefender - product: GravityZone On-Prem - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BitNami By VMware - product: '' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://docs.bitnami.com/general/security/security-2021-12-10/ - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BitRise - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://blog.bitrise.io/post/bitrises-response-to-log4j-vulnerability-cve-2021-44228 - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Bitwarden - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bitwarden.com/t/log4j-log4shell-cve-is-bitwarden-affected-due-to-docker-image/36177/2 - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Biztory - product: Fivetran - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.biztory.com/blog/apache-log4j2-vulnerability - notes: '' - references: - - Vendor review indicated Fivetran is not vulnerable to Log4j2 - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Black Kite - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://blackkite.com/log4j-rce-vulnerability-log4shell-puts-millions-at-risk/ - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BlackBerry - product: 2FA - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://login.blackberry.com/sso/SSORedirect/metaAlias/idp?SAMLRequest=fZNdc6owEIb%2FCpN7JFIqlal2KKio%2BFGgar05EyCWKCRAgqK%2F%2FlA9zvT0ojuzF5l9s%2B9u5snzS52l0hGXnDDaA%2B0WBBKmEYsJ%2FeyB92AoP4GX%2FjNHWZobZiUS6uGiwlxIzT3KjWuhB6qSGgxxwg2KMswNERm%2BOXMNtQWNvGSCRSwFksk5LkVjZDHKqwyXPi6PJMLvntsDiRA5NxSFV3nOStEKUxQdQlyW51bEMqXJrKJEnJWUfRL6wlkPQvuhA68Rdi8XINnNXIQicV3l3u8q%2F9mNc6b4%2FsLDMSlxJJQMC2SmBHGFxDmQxnYP%2FFEts4mNvEhOfDSzzdPP%2FCrr9vFjMig0OBtGswiZ52H6mK9Gbtev5FnViZ2HV3dnV3lSOPvSn2YCboaeFV5Q4Yx2K%2FQ%2B1RcPUzWin0%2F7j%2FlEI1OtULfqpNnC8arkIjaD3X6%2BtlVvF8JJvQqznJlx4MfWIQuC1HJhklLH1m2vA9PHbjgSaB2K3YbND5a3X2%2BLfD48DbofVaIlfBSiLt5qS67P6pW87%2FD4SAaqfDzVzLbrQWGdhq7pkG6AdNt0k4ofMj1Zs7Jeio4%2FpuQURwMtHC%2BdGtZvRVD7Vg7jt%2Ba1OK%2FwmHKBqOgBFaqqDFW5%2FRi0dQO2DbXb0qC6BdLyHwivhN7w%2Bo2a8CbihhMES3m58AMgre6YNgJwg9K4mpffaPy9LbojCPp3QL6hkZ1bHKWY71gZ4S9QnpVvJv3b6f9%2F0P8L&RelayState=%2Fcommunity%2Fs%2Farticle%2F90708&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=ThznbsjgVwDX5E2fOcNREcaH%2FaSSD9EIp6MP3c9O9BRVFL%2BETG3n1WQKapplpISRgUkLEs2XvRpJ4%2FfEmynkr5laH4rrAIgMNL%2FauqYIGWvzbdzfp44PkOGUBkHxgo52GjhshHBPyHqJjnvzIoNyIK2zhDBQXevq9etV7wnX7SprJpHX%2B6Ivskj5wAXJzi9SiMafMvUiUFyVq9YBhzd2ZpiTyiYia%2Bdgq4Z74sUIqOyz6bn2KjCKT%2FMqeFqyYYp5JU9CnQk%2BHAH2juQU%2F8MlrGtrRRtgf6fACGMOGria0Vu1wUDwnJiSdI%2BZSzShr%2Fg6Cl9mfaKuTItwlxiqQlbx7hvHEhgg2SNqyrRnJDzpYImSeIMjgHuUy2Iaf6O6J90GdKF4%2BDkCpyXVsm%2FkZhBA6D7uo9rj8tPfE7ml6Njhm9pFZxjuicbCI%2F4Zj66aC52RlpUZwlMgS2HpXOdbILUX8H2FXnm%2FCjDHEDGv49HusCmQehes1g0LzTXXwKkC1hWOYjwWb8uxNneaR0e552R6fjRns%2B2kG04C%2B8COLbJ7v7s3WlUDGBN%2BUa%2BE5q0QNpIYmIW1daXmOx%2FXRBoBdBwWZ1b3GtaBmRiEarb4rF1DgKa9P3SdQBb1M6SvjprcyHRtai7AxnIBW1KMFWB6mETzESVSFwO5KA80co5Aau7HfhM%3D - notes: This advisory is available to customer only and has not been reviewed by - CISA. - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BlackBerry - product: Enterprise Mobility Server - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - 2.12 and above - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://login.blackberry.com/sso/SSORedirect/metaAlias/idp?SAMLRequest=fZNdc6owEIb%2FCpN7JFIqlal2KKio%2BFGgar05EyCWKCRAgqK%2F%2FlA9zvT0ojuzF5l9s%2B9u5snzS52l0hGXnDDaA%2B0WBBKmEYsJ%2FeyB92AoP4GX%2FjNHWZobZiUS6uGiwlxIzT3KjWuhB6qSGgxxwg2KMswNERm%2BOXMNtQWNvGSCRSwFksk5LkVjZDHKqwyXPi6PJMLvntsDiRA5NxSFV3nOStEKUxQdQlyW51bEMqXJrKJEnJWUfRL6wlkPQvuhA68Rdi8XINnNXIQicV3l3u8q%2F9mNc6b4%2FsLDMSlxJJQMC2SmBHGFxDmQxnYP%2FFEts4mNvEhOfDSzzdPP%2FCrr9vFjMig0OBtGswiZ52H6mK9Gbtev5FnViZ2HV3dnV3lSOPvSn2YCboaeFV5Q4Yx2K%2FQ%2B1RcPUzWin0%2F7j%2FlEI1OtULfqpNnC8arkIjaD3X6%2BtlVvF8JJvQqznJlx4MfWIQuC1HJhklLH1m2vA9PHbjgSaB2K3YbND5a3X2%2BLfD48DbofVaIlfBSiLt5qS67P6pW87%2FD4SAaqfDzVzLbrQWGdhq7pkG6AdNt0k4ofMj1Zs7Jeio4%2FpuQURwMtHC%2BdGtZvRVD7Vg7jt%2Ba1OK%2FwmHKBqOgBFaqqDFW5%2FRi0dQO2DbXb0qC6BdLyHwivhN7w%2Bo2a8CbihhMES3m58AMgre6YNgJwg9K4mpffaPy9LbojCPp3QL6hkZ1bHKWY71gZ4S9QnpVvJv3b6f9%2F0P8L&RelayState=%2Fcommunity%2Fs%2Farticle%2F90708&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=ThznbsjgVwDX5E2fOcNREcaH%2FaSSD9EIp6MP3c9O9BRVFL%2BETG3n1WQKapplpISRgUkLEs2XvRpJ4%2FfEmynkr5laH4rrAIgMNL%2FauqYIGWvzbdzfp44PkOGUBkHxgo52GjhshHBPyHqJjnvzIoNyIK2zhDBQXevq9etV7wnX7SprJpHX%2B6Ivskj5wAXJzi9SiMafMvUiUFyVq9YBhzd2ZpiTyiYia%2Bdgq4Z74sUIqOyz6bn2KjCKT%2FMqeFqyYYp5JU9CnQk%2BHAH2juQU%2F8MlrGtrRRtgf6fACGMOGria0Vu1wUDwnJiSdI%2BZSzShr%2Fg6Cl9mfaKuTItwlxiqQlbx7hvHEhgg2SNqyrRnJDzpYImSeIMjgHuUy2Iaf6O6J90GdKF4%2BDkCpyXVsm%2FkZhBA6D7uo9rj8tPfE7ml6Njhm9pFZxjuicbCI%2F4Zj66aC52RlpUZwlMgS2HpXOdbILUX8H2FXnm%2FCjDHEDGv49HusCmQehes1g0LzTXXwKkC1hWOYjwWb8uxNneaR0e552R6fjRns%2B2kG04C%2B8COLbJ7v7s3WlUDGBN%2BUa%2BE5q0QNpIYmIW1daXmOx%2FXRBoBdBwWZ1b3GtaBmRiEarb4rF1DgKa9P3SdQBb1M6SvjprcyHRtai7AxnIBW1KMFWB6mETzESVSFwO5KA80co5Aau7HfhM%3D - notes: This advisory is available to customer only and has not been reviewed by - CISA. - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BlackBerry - product: Workspaces On-Prem Server - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://login.blackberry.com/sso/SSORedirect/metaAlias/idp?SAMLRequest=fZNdc6owEIb%2FCpN7JFIqlal2KKio%2BFGgar05EyCWKCRAgqK%2F%2FlA9zvT0ojuzF5l9s%2B9u5snzS52l0hGXnDDaA%2B0WBBKmEYsJ%2FeyB92AoP4GX%2FjNHWZobZiUS6uGiwlxIzT3KjWuhB6qSGgxxwg2KMswNERm%2BOXMNtQWNvGSCRSwFksk5LkVjZDHKqwyXPi6PJMLvntsDiRA5NxSFV3nOStEKUxQdQlyW51bEMqXJrKJEnJWUfRL6wlkPQvuhA68Rdi8XINnNXIQicV3l3u8q%2F9mNc6b4%2FsLDMSlxJJQMC2SmBHGFxDmQxnYP%2FFEts4mNvEhOfDSzzdPP%2FCrr9vFjMig0OBtGswiZ52H6mK9Gbtev5FnViZ2HV3dnV3lSOPvSn2YCboaeFV5Q4Yx2K%2FQ%2B1RcPUzWin0%2F7j%2FlEI1OtULfqpNnC8arkIjaD3X6%2BtlVvF8JJvQqznJlx4MfWIQuC1HJhklLH1m2vA9PHbjgSaB2K3YbND5a3X2%2BLfD48DbofVaIlfBSiLt5qS67P6pW87%2FD4SAaqfDzVzLbrQWGdhq7pkG6AdNt0k4ofMj1Zs7Jeio4%2FpuQURwMtHC%2BdGtZvRVD7Vg7jt%2Ba1OK%2FwmHKBqOgBFaqqDFW5%2FRi0dQO2DbXb0qC6BdLyHwivhN7w%2Bo2a8CbihhMES3m58AMgre6YNgJwg9K4mpffaPy9LbojCPp3QL6hkZ1bHKWY71gZ4S9QnpVvJv3b6f9%2F0P8L&RelayState=%2Fcommunity%2Fs%2Farticle%2F90708&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=ThznbsjgVwDX5E2fOcNREcaH%2FaSSD9EIp6MP3c9O9BRVFL%2BETG3n1WQKapplpISRgUkLEs2XvRpJ4%2FfEmynkr5laH4rrAIgMNL%2FauqYIGWvzbdzfp44PkOGUBkHxgo52GjhshHBPyHqJjnvzIoNyIK2zhDBQXevq9etV7wnX7SprJpHX%2B6Ivskj5wAXJzi9SiMafMvUiUFyVq9YBhzd2ZpiTyiYia%2Bdgq4Z74sUIqOyz6bn2KjCKT%2FMqeFqyYYp5JU9CnQk%2BHAH2juQU%2F8MlrGtrRRtgf6fACGMOGria0Vu1wUDwnJiSdI%2BZSzShr%2Fg6Cl9mfaKuTItwlxiqQlbx7hvHEhgg2SNqyrRnJDzpYImSeIMjgHuUy2Iaf6O6J90GdKF4%2BDkCpyXVsm%2FkZhBA6D7uo9rj8tPfE7ml6Njhm9pFZxjuicbCI%2F4Zj66aC52RlpUZwlMgS2HpXOdbILUX8H2FXnm%2FCjDHEDGv49HusCmQehes1g0LzTXXwKkC1hWOYjwWb8uxNneaR0e552R6fjRns%2B2kG04C%2B8COLbJ7v7s3WlUDGBN%2BUa%2BE5q0QNpIYmIW1daXmOx%2FXRBoBdBwWZ1b3GtaBmRiEarb4rF1DgKa9P3SdQBb1M6SvjprcyHRtai7AxnIBW1KMFWB6mETzESVSFwO5KA80co5Aau7HfhM%3D - notes: This advisory is available to customer only and has not been reviewed by - CISA. - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Blancco - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.blancco.com/display/NEWS/2021/12/12/CVE-2021-44228+-+Critical+vulnerability+in+Apache+Log4j+library - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Bluemind - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 3.5.x - - 4.x - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://twitter.com/bluemind/status/1470379923034578946?s=20A - notes: This advisory is available to customer only and has not been reviewed by - CISA. - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Blumira - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.blumira.com/cve-2021-44228-log4shell/ - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: 3270 SUPEROPTIMIZER/CI - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: 3270 SUPEROPTIMIZER/CICS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Application Restart Control for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Application Restart Control for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Application Restart Control for VSAM - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Bladelogic Database Automation - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Apptune for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Backup and Recovery for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Batch Optimizer - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Capacity Management - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Catalog Manager for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Catalog Manager for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Change Manager for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Change Manager for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Change Manager for IMS for DBCTL - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Change Manager for IMS TM - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Change Manager Virtual Terminal for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Check for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Command Center for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Command Center for Security - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Console Management - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Copy for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Cost Management - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Data Packer for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Database Administration for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Database Advisor for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Database Performance for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Datastream for Ops - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Defender for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Defender for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Defender for McAfee DAM - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Defender for Ops Insight - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Defender for z/Linux - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Defender for z/OS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Defender for z/OS GSIP Package - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Defender TCP/IP Receiver - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Defender z/VM - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI DevOps for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Energizer for IMS Connect - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Enterprise Connector - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Extended Terminal Assist for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Fast Path Indexer for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Fast Path Online Analyzer for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Fast Path Online Image Copy for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Fast Path Online Reorg for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Fast Path Online Restructure for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Fast Path Recovery for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Fast Path Restart for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Integrity for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Large Object Management for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Load for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI LOBMaster for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Log Analyzer for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Log Master for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Message Advisor for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Online Reorg for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Automation - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Automation for Capping - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Common Rest API (CRA) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops for Networks - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Infrastructure (MVI) - CRA - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Insight - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Monitor for CICS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Monitor for CMF - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Monitor for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Monitor for IMS Offline - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Monitor for IMS Online - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Monitor for IP - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Monitor for JE - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Monitor for MQ - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Monitor for USS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Monitor for WAS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Monitor for z/OS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Monitor SYSPROG Services - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops UI - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Partitioned Database Facility for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Pointer Checker for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Pool Advisor for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Recover for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Recovery for VSAM - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Recovery Manager for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Reorg for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Reorg for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Security Administrator - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Security Policy Manager - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Security Privileged Access Manager (BMC AMI Security Breakglass) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Security Self Service Password Reset - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI SQL Explorer for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI SQL Performance for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Stats for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Storage - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Unload for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Utility Mangement for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Utility Mangemer for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Utlities for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Application Accelerator for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Check Plus for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Client Gateway (Kaazing) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Client Management - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Abend-Aid - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Application Audit - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware DevEnterprise - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Enterprise Common Components (ECC) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Enterprise Services (CES) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware File-AID Data Privacy - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware File-AID Data Solutions - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware File-AID for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware File-AID for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware File-AID/MVS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware File-AID/RDX - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Hiperstation ALL Product Offerings - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware ISPW - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware iStrobe - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Program Analyzer - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Storage Backup and Recovery - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Storage Migration - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Storage Performance - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Strobe - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware ThruPut Manager - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Topaz Connect (including NXPromote) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Topaz Enterprise Data - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Topaz for Java Performance - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Topaz for Total Test - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Topaz Program Analysis - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Topaz Workbench - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Topaz Xpediter/CICS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Topaz Xpediter/Code Coverage - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Topaz Xpediter/TSO and IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Topaz Xpediter/Xchange - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Topaz zAdviser - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC COPE for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC DASD Manger for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Database Recovery Management - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Db2 Plus Utilities - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Defender Agent Configuration Manager - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Defender Agent for SAP - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Defender Agent for Unix/Linux - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Defender Agent for Windows - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Defender App for Splunk - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Defender SIEM Correlation Server - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Defender SIEM for Motorola - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Defender SIEM for NNT - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Defender SyslogDefender - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Defender Windows Agent for Splunk - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Digital Workplace Advanced (DWPA) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Digital Workplace Basic (DWP) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Digital Workplace Catalog (DWPC) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Discovery - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Discovery for z/OS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Business Workflows - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Continuous Optimization (REE) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Continuous Optimization - Agents - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Data Manager - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Discovery - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Discovery Outpost - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix ITSM - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 21.x and below - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix ITSM - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - 21.x - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Knowledge Management - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Platform - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC License Usage Collection Utility - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC LOADPLUS for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC MainView Explorer - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC MainView Middleware Administrator - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC MainView Middleware Monitor - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC MainView Transaction Analyzer - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC MainView Vistapoint & Energizer - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC MAXM Reorg for IMS with Online/Defrag Feature - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC MAXM Reorg/EP for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC MAXM Reorg/EP for IMS with Online/Defrag Feature - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Next Generation Logger (NGL) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Opertune for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC PATROL Agent - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC PATROL Agent (TSOM & BHOM) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC PATROL for Linux KM - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC PATROL for Sybase - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC PATROL Knowledge Modules - PATROL KM - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: Except Sybase and Linux - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Plus Utilities - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Remedy AR System - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Remedy CMDB - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Remedy ITSM - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Remedy Mid-Tier - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Remedy SLM - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Remedy Smart Reporting - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Remedy SmartIT - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Remedy SRM - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Reorg Plus for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC RSSO Agent - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC RSSO Auth Proxy - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC RSSO DataTransfer Tool - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC RSSO Server - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Runtime Component System (RTCS) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Automation Console - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Automation for Networks - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Automation for Servers - Data Wharehouse - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Capacity Optimization - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Capacity Optimization - Agents - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Operations Management - App Visibility Manager - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Operations Management - Infrastructure Management - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Operations Management - IT Data Analytics - cves: - cve-2021-4104: - investigated: false + investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14031,13 +3189,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Operations Management - Presenttion Server + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: FnIO-G and M Distributed IO cves: cve-2021-4104: investigated: false @@ -14045,41 +3203,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Operations Management Reporting - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14091,13 +3218,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Orchestration + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: iX Developer cves: cve-2021-4104: investigated: false @@ -14105,41 +3232,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Server Automation - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14151,13 +3247,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Smart Reporting + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: Nexto modular PLC cves: cve-2021-4104: investigated: false @@ -14165,41 +3261,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Smart Reporting Platform - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14211,13 +3276,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Vulnerability Management + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: Nexto Xpress compact controller cves: cve-2021-4104: investigated: false @@ -14225,10 +3290,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -14241,13 +3305,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TSCO for Mainframes + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: WARP Engineering Studio cves: cve-2021-4104: investigated: false @@ -14255,11 +3319,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14271,13 +3334,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Unload Plus for Db2 + last_updated: '2021-12-22T00:00:00' + - vendor: Bender + product: '' cves: cve-2021-4104: investigated: false @@ -14285,11 +3348,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14301,13 +3363,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.bender.de/en/cert notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC User Interface Middleware (UIM) + - vendor: Best Practical Request Tracker (RT) and Request Tracker for Incident Response + (RTIR) + product: '' cves: cve-2021-4104: investigated: false @@ -14315,11 +3378,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14331,13 +3393,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Change Accumulation Plus + - vendor: BeyondTrust + product: Privilege Management Cloud cves: cve-2021-4104: investigated: false @@ -14347,9 +3409,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' + fixed_versions: + - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14361,13 +3423,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Concurrent Reorg Facility + last_updated: '2021-12-17T00:00:00' + - vendor: BeyondTrust + product: Privilege Management Reporting in BeyondInsight cves: cve-2021-4104: investigated: false @@ -14377,9 +3439,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' + fixed_versions: + - '21.2' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14391,13 +3453,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Conditional Image Copy + last_updated: '2021-12-17T00:00:00' + - vendor: BeyondTrust + product: Secure Remote Access appliances cves: cve-2021-4104: investigated: false @@ -14409,7 +3471,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - Unknown cve-2021-45046: investigated: false affected_versions: [] @@ -14421,13 +3483,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Control-M + last_updated: '2021-12-17T00:00:00' + - vendor: BeyondTrust Bomgar + product: '' cves: cve-2021-4104: investigated: false @@ -14435,10 +3497,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -14451,13 +3512,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: DASD Manager Plus for Db2 + - vendor: BioMerieux + product: '' cves: cve-2021-4104: investigated: false @@ -14465,11 +3526,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14481,13 +3541,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.biomerieux.com/en/cybersecurity-data-privacy notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Data Accelerator Compression + last_updated: '2021-12-22T00:00:00' + - vendor: BisectHosting + product: '' cves: cve-2021-4104: investigated: false @@ -14495,11 +3555,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14511,13 +3570,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.bisecthosting.com/clients/index.php?rp=/knowledgebase/205/Java-Log4j-Vulnerability.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Delta IMS DB/DC + - vendor: BitDefender + product: '' cves: cve-2021-4104: investigated: false @@ -14525,11 +3584,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14541,13 +3599,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Delta IMS Virtual Terminal + - vendor: BitNami By VMware + product: '' cves: cve-2021-4104: investigated: false @@ -14555,11 +3613,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14571,13 +3628,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://docs.bitnami.com/general/security/security-2021-12-10/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: ExceptionReporter + - vendor: BitRise + product: '' cves: cve-2021-4104: investigated: false @@ -14585,11 +3642,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14601,13 +3657,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://blog.bitrise.io/post/bitrises-response-to-log4j-vulnerability-cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Extended Buffer Manager + - vendor: Bitwarden + product: '' cves: cve-2021-4104: investigated: false @@ -14615,11 +3671,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14631,13 +3686,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://community.bitwarden.com/t/log4j-log4shell-cve-is-bitwarden-affected-due-to-docker-image/36177/2 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Fast Path Analyzer/EP + - vendor: Biztory + product: Fivetran cves: cve-2021-4104: investigated: false @@ -14645,11 +3700,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14661,13 +3715,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.biztory.com/blog/apache-log4j2-vulnerability notes: '' references: - - '' + - Vendor review indicated Fivetran is not vulnerable to Log4j2 last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Fast Path Facility + - vendor: Black Kite + product: '' cves: cve-2021-4104: investigated: false @@ -14675,11 +3729,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14691,13 +3744,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://blackkite.com/log4j-rce-vulnerability-log4shell-puts-millions-at-risk/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Fast Path Facility/EP + - vendor: Blancco + product: '' cves: cve-2021-4104: investigated: false @@ -14705,11 +3758,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14721,13 +3773,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://support.blancco.com/display/NEWS/2021/12/12/CVE-2021-44228+-+Critical+vulnerability+in+Apache+Log4j+library notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Fast Path Reorg/EP + - vendor: Blumira + product: '' cves: cve-2021-4104: investigated: false @@ -14735,11 +3787,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14751,13 +3802,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.blumira.com/cve-2021-44228-log4shell/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: FASTCOPY + product: Bladelogic Database Automation cves: cve-2021-4104: investigated: false @@ -14765,11 +3816,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14787,7 +3837,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: FASTCPK + product: BMC AMI Ops cves: cve-2021-4104: investigated: false @@ -14795,11 +3845,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14817,7 +3866,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: FDR + product: BMC AMI Products cves: cve-2021-4104: investigated: false @@ -14825,11 +3874,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14847,7 +3895,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: FDR/UPSTREAM + product: BMC Compuware cves: cve-2021-4104: investigated: false @@ -14855,11 +3903,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14877,7 +3924,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: FDRABR + product: BMC Helix Automation Console cves: cve-2021-4104: investigated: false @@ -14885,11 +3932,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14907,7 +3953,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: FDRERASE + product: BMC Helix Business Workflows cves: cve-2021-4104: investigated: false @@ -14915,11 +3961,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14937,7 +3982,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: FDRMOVE + product: BMC Helix Client Management cves: cve-2021-4104: investigated: false @@ -14945,11 +3990,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14967,7 +4011,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: FDRPAS + product: BMC Helix Cloud Cost cves: cve-2021-4104: investigated: false @@ -14975,11 +4019,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -14997,7 +4040,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: FDRPASVM + product: BMC Helix Cloud Security cves: cve-2021-4104: investigated: false @@ -15005,11 +4048,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -15027,7 +4069,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: FDRREORG + product: BMC Helix CMDB cves: cve-2021-4104: investigated: false @@ -15035,11 +4077,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -15057,7 +4098,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Footprints + product: BMC Helix Continuous Optimization cves: cve-2021-4104: investigated: false @@ -15065,11 +4106,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -15087,7 +4127,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: IAM + product: BMC Helix Control-M cves: cve-2021-4104: investigated: false @@ -15095,11 +4135,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -15117,7 +4156,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Image Copy Plus + product: BMC Helix Digital Workplace cves: cve-2021-4104: investigated: false @@ -15125,11 +4164,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -15147,7 +4185,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: LOADPLUS for IMS + product: BMC Helix Discovery cves: cve-2021-4104: investigated: false @@ -15155,11 +4193,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -15177,7 +4214,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: LOADPLUS/EP for IMS + product: BMC Helix ITSM cves: cve-2021-4104: investigated: false @@ -15185,11 +4222,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -15207,7 +4243,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Local Copy Plus + product: BMC Helix Knowledge Management cves: cve-2021-4104: investigated: false @@ -15215,11 +4251,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -15237,7 +4272,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Partner KMs Hardware Sentry Open Telemetry Collector + product: BMC Helix Operations Management with AIOps cves: cve-2021-4104: investigated: false @@ -15245,10 +4280,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -15267,7 +4301,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Partner KMs Storage All-in-One ETL for BMC Truesight Capacity Optimization + product: BMC Helix Platform cves: cve-2021-4104: investigated: false @@ -15275,10 +4309,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -15297,7 +4330,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Partner KMs Storage Analyzer for PATROL + product: BMC Helix platform cves: cve-2021-4104: investigated: false @@ -15305,10 +4338,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -15327,7 +4359,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Prefix Resolution Plus + product: BMC Helix Remediate cves: cve-2021-4104: investigated: false @@ -15335,11 +4367,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -15357,7 +4388,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Prefix Update for IMS + product: BMC Helix Remediate cves: cve-2021-4104: investigated: false @@ -15365,11 +4396,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -15387,7 +4417,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Recovery Advisor for IMS + product: BMC Helix Remedyforce cves: cve-2021-4104: investigated: false @@ -15395,11 +4425,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -15417,7 +4446,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Recovery Manager for IMS + product: BMC Helix Virtual Agent cves: cve-2021-4104: investigated: false @@ -15425,11 +4454,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -15447,7 +4475,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Recovery Plus for IMS + product: Cloud Lifecycle Management cves: cve-2021-4104: investigated: false @@ -15455,11 +4483,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -15477,7 +4504,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Release Package and Deployment + product: Control-M cves: cve-2021-4104: investigated: false @@ -15485,11 +4512,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -15507,7 +4533,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Release Process Management + product: Footprints cves: cve-2021-4104: investigated: false @@ -15515,11 +4541,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -15537,7 +4562,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Resident Security Server + product: MainView Middleware Administrator cves: cve-2021-4104: investigated: false @@ -15545,11 +4570,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -15567,7 +4591,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Secondary Index Utility + product: MainView Middleware Monitor cves: cve-2021-4104: investigated: false @@ -15575,11 +4599,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -15597,7 +4620,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Secondary Index Utility/EP + product: Remedy ITSM (IT Service Management) cves: cve-2021-4104: investigated: false @@ -15605,11 +4628,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -15627,7 +4649,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Snapshot Upgrade Feature + product: SmartIT cves: cve-2021-4104: investigated: false @@ -15635,11 +4657,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -15665,11 +4686,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -15687,7 +4707,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: ULTRAOPT/CICS + product: TrueSight Automation for Networks cves: cve-2021-4104: investigated: false @@ -15695,11 +4715,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -15717,7 +4736,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: ULTRAOPT/IMS + product: TrueSight Automation for Servers cves: cve-2021-4104: investigated: false @@ -15725,11 +4744,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -15747,7 +4765,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: UNLOAD PLUS for IMS + product: TrueSight Capacity Optimization cves: cve-2021-4104: investigated: false @@ -15755,11 +4773,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -15777,7 +4794,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: UNLOAD PLUS/EP for IMS + product: TrueSight Infrastructure Management cves: cve-2021-4104: investigated: false @@ -15785,11 +4802,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -15807,7 +4823,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: UXF for IMS (non product) + product: TrueSight Operations Management cves: cve-2021-4104: investigated: false @@ -15815,11 +4831,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -15837,7 +4852,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: zDetect + product: TrueSight Orchestration cves: cve-2021-4104: investigated: false @@ -15845,11 +4860,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] From 28d87a047f4de7f0f160e45fdca45ed78b202571 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Wed, 16 Feb 2022 12:34:14 +0000 Subject: [PATCH 259/268] Update the software list --- SOFTWARE-LIST.md | 504 +- data/cisagov.yml | 12312 +++---------------------------------------- data/cisagov_B.yml | 4 +- 3 files changed, 735 insertions(+), 12085 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 2edd23e..05c5123 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -388,159 +388,25 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Barracuda | All | | | Unknown | [link](https://www.barracuda.com/company/legal/trust-center) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Basis Technology | Autopsy | | 4.18.0 onwards | Fixed | [link](https://www.autopsy.com/autopsy-and-log4j-vulnerability/) | version 4.18.0 onwards use Apache Solr 8. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Baxter | All | | | Unknown | [link](https://www.baxter.com/sites/g/files/ebysai746/files/2021-12/Apache_Log4j_Vulnerability.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BBraun | APEX Compounder | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | -| BBraun | DoseTrac Server, DoseLink Server, and Space® Online Suite Server software | | All | Fixed | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | -| BBraun | Outlook Safety Infusion System Pump family | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | -| BBraun | Pinnacle Compounder | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | -| BBraun | Pump, SpaceStation, and Space Wireless Battery | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | -| BBraun | Space Infusion Pump family (Infusomat Space Infusion Pump, Perfusor Space Infusion | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | -| BCT | BerichtenCentrale (BCE) & Integrations | | | Not Affected | [link](https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BCT | CORSA | | | Not Affected | [link](https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BCT | e-Invoice | | 2.10.210 | Fixed | [link](https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BCT | IDT | | | Not Affected | [link](https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BCT | iGEN | | | Not Affected | [link](https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BCT | LIBER | | 1.125.3 | Fixed | [link](https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | Alaris CC Plus Guardrails Syringe Pump | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | Alaris CC Plus Syringe Pump | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | Alaris Enteral Plus Syringe Pump | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | Alaris Gateway Workstation | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | Alaris GP Plus Guardrails Volumetric Pump | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | Alaris GP Plus Volumetric Pump | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | Alaris PK Plus Syringe Pump | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | Alaris Technical Utility (ATU) | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | Alaris TiVA Syringe Pump | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | Alaris VP Plus Guardrails Volumetric Pump | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Accuri C6 Plus | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Action Manager | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Alaris Auto-ID Module Model | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Alaris Communications Engine | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Alaris CQI Event Reporter | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Alaris Guardrails Editor | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Alaris Infusion Central | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Alaris neXus CC Syringe Pump | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Alaris neXus Editor v5.0 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Alaris neXus GP Volumetric Pump | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Alaris PCA Module Model 8120 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Alaris Plus Editor | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Alaris Point-of-Care Software | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Alaris Point-of-Care Unit (PCU) Model 8015 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Alaris Pump Module Model 8100 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Alaris Syringe Module Model 8110 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Alaris System Mainetnance | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Alaris Systems Manager | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Arctic Sun Analytics | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD BACTEC 9050 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD BACTEC 9120 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD BACTEC 9240 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD BACTEC FX | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD BACTEC FX40 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD BACTEC MGIT | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Care Coordination Engine (CCE) | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Cato | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD COR | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Diabetes Care App Cloud | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD EpiCenter | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD FACS Lyse Wash Assistant | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD FACS Sample Prep Assistant (SPA) III | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD FACS Workflow Manager | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD FACSAria Fusion | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD FACSAria II | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD FACSAria III | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD FACSCalibur | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD FACSCanto 10-color | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD FACSCanto 10-color clinical | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD FACSCanto II (w Diva 9.0) | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD FACSCanto II clinical | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD FACSCelesta | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD FACSCount | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD FACSDuet | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD FACSLink | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD FACSLyric | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD FACSMelody | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD FACSPresto | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD FACSVerse | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD FACSVia | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD FACSymphony A1 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD FACSymphony A3 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD FACSymphony A5 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD FACSymphony S6 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD HD Check System | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD HealthSight Clinical Advisor | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD HealthSight Data Manager | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD HealthSight Diversion Management | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD HealthSight Infection Advisor | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD HealthSight Inventory Optimization Analytics | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD HealthSight Medication Safety | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Intelliport | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Intelliport | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Intelliport Medication Management System | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Inventory Connect | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Kiestra InoquIA | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Kiestra InoquIA+ | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Knowledge Portal for BD Pyxis Supply | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Knowledge Portal for Infusion Technologies | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Knowledge Portal for Medication Technologies | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD MAX | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Phoenix 100 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Phoenix AP | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Phoenix M50 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Prevue II Peripheral Vascular Access System | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Probetec | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Pyxis Anesthesia Station 4000 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Pyxis Anesthesia Station ES | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Pyxis CIISafe | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Pyxis CUBIE System | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Pyxis ES System | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Pyxis IV Prep | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Pyxis Logistics (Pyxis Pharmogistics) | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Pyxis Med Link Queue & Waste | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Pyxis MedBank | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Pyxis MedStation 4000 System | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Pyxis Medstation ES | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Pyxis Order Viewer | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Pyxis ParAssist | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Pyxis PARx | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Pyxis PharmoPack | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Pyxis RapidRx | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Pyxis ReadyMed | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Pyxis SupplyStation | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Pyxis Tissue & Implant Management System | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Pyxis Track and Deliver | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD ReadyMed | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Remote Support Services (RSS) | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Rhapsody Single-Cell Analysis System | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Rowa Dose (Windows 10 platform) | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Rowa Dose (Windows 7 Workstations only) | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Rowa Pouch Packaging Systems | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Rowa ProLog | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Rowa Smart | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Rowa Vmax | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Sensica Urine Output System | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Site~Rite 8 Ultrasound Systems | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Synapsys Informatics Solution | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Totalys DataLink | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Totalys Multiprocessor | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Totalys SlidePrep | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Veritor | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Veritor COVID At Home Solution Cloud | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Viper LT | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | BD Viper XTR | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | CoreLite | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | EnCor Enspire Breast Biopsy System | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | EnCor Ultra Breast Biopsy System | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | FlowJo Portal | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | FlowJo Software | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | Influx | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | LSRFortessa | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | LSRFortessa X-20 | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | PleurX | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | QUANTAFLO Peripheral Arterial Disease Test | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | Restock Order | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | SeqGeq Software | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | Sherlock 3CG Standalone Tip Confirmation Systems | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | Site~Rite PICC Ultrasound Systems | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | Site~Rite Prevue Plus Ultrasound Systems | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| BD | Specimen Collection Verification | | | Not Affected | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BBraun | APEX® Compounder | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software | | All | Fixed | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | Outlook® Safety Infusion System Pump family | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | Pinnacle® Compounder | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | Pump, SpaceStation, and Space® Wireless Battery) | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BBraun | Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® Space® Infusion | | | Not Affected | [link](https://www.bbraunusa.com/content/dam/b-braun/us/website/customer_communications/21-0894C_Statement_Cybersecurity_Apache_Log4J_Sheet_FINAL_121621.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | +| BD | Arctic Sun™ Analytics | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Diabetes Care App Cloud | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD HealthSight™ Clinical Advisor | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD HealthSight™ Data Manager | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD HealthSight™ Diversion Management | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD HealthSight™ Infection Advisor | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD HealthSight™ Inventory Optimization Analytics | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD HealthSight™ Medication Safety | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Knowledge Portal for BD Pyxis™ Supply | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Knowledge Portal for Infusion Technologies | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Knowledge Portal for Medication Technologies | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Synapsys™ Informatics Solution | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | +| BD | BD Veritor™ COVID At Home Solution Cloud | | | Unknown | [link](https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | Beckman Coulter | Access 2 (Immunoassay System) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | | Beckman Coulter | Ac•T 5diff (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | | Beckman Coulter | Ac•T Family (Hematology) | | | Not Affected | [link](https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-31 | @@ -619,289 +485,59 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Beijer Electronics | Nexto modular PLC | | | Unknown | [link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Beijer Electronics | Nexto Xpress compact controller | | | Unknown | [link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Beijer Electronics | WARP Engineering Studio | | | Unknown | [link](https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| Belden | Hirschmann Networking Devices and Software Tools | | | Not Affected | [link](https://hirschmann-support.belden.com/file.php/18672XKMWSCRYGG186719202C5BA4/Hirschmann_Statement_Log4j_Vulnerability_Dec2021.pdf) | Hirschmann is a brand of Belden. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Bender | All | | | Unknown | [link](https://www.bender.de/en/cert) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Best Practical | Request Tracker (RT) | | | Not Affected | [link](https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Best Practical | Request Tracker for Incident Response (RTIR) | | | Not Affected | [link](https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BeyondTrust | Privilege Management Cloud | | | Fixed | [link](https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | +| Bender | | | | Unknown | [link](https://www.bender.de/en/cert) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Best Practical Request Tracker (RT) and Request Tracker for Incident Response (RTIR) | | | | Unknown | [link](https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BeyondTrust | Privilege Management Cloud | | Unknown | Fixed | [link](https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | BeyondTrust | Privilege Management Reporting in BeyondInsight | | 21.2 | Fixed | [link](https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | | BeyondTrust | Secure Remote Access appliances | | | Not Affected | [link](https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-17 | -| BigBlueButton | All | | | Not Affected | [link](https://github.com/bigbluebutton/bigbluebutton/issues/13897) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| BioJava | All | | | Fixed | [link](https://github.com/biojava/biojava/releases/tag/biojava-6.0.4) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| BioMerieux | All | | | Unknown | [link](https://www.biomerieux.com/en/cybersecurity-data-privacy) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | -| BisectHosting | All | | | Unknown | [link](https://www.bisecthosting.com/clients/index.php?rp=/knowledgebase/205/Java-Log4j-Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BitDefender | GravityZone On-Prem | | | Not Affected | [link](https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BitNami By VMware | | | | Fixed | [link](https://docs.bitnami.com/general/security/security-2021-12-10/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BitRise | All | | | Unknown | [link](https://blog.bitrise.io/post/bitrises-response-to-log4j-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Bitwarden | All | | | Not Affected | [link](https://community.bitwarden.com/t/log4j-log4shell-cve-is-bitwarden-affected-due-to-docker-image/36177/2) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Biztory | Fivetran | | | Not Affected | [link](https://www.biztory.com/blog/apache-log4j2-vulnerability) | | Vendor review indicated Fivetran is not vulnerable to Log4j2 | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Black Kite | All | | | Unknown | [link](https://blackkite.com/log4j-rce-vulnerability-log4shell-puts-millions-at-risk/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BlackBerry | 2FA | | All | Fixed | [link](https://login.blackberry.com/sso/SSORedirect/metaAlias/idp?SAMLRequest=fZNdc6owEIb%2FCpN7JFIqlal2KKio%2BFGgar05EyCWKCRAgqK%2F%2FlA9zvT0ojuzF5l9s%2B9u5snzS52l0hGXnDDaA%2B0WBBKmEYsJ%2FeyB92AoP4GX%2FjNHWZobZiUS6uGiwlxIzT3KjWuhB6qSGgxxwg2KMswNERm%2BOXMNtQWNvGSCRSwFksk5LkVjZDHKqwyXPi6PJMLvntsDiRA5NxSFV3nOStEKUxQdQlyW51bEMqXJrKJEnJWUfRL6wlkPQvuhA68Rdi8XINnNXIQicV3l3u8q%2F9mNc6b4%2FsLDMSlxJJQMC2SmBHGFxDmQxnYP%2FFEts4mNvEhOfDSzzdPP%2FCrr9vFjMig0OBtGswiZ52H6mK9Gbtev5FnViZ2HV3dnV3lSOPvSn2YCboaeFV5Q4Yx2K%2FQ%2B1RcPUzWin0%2F7j%2FlEI1OtULfqpNnC8arkIjaD3X6%2BtlVvF8JJvQqznJlx4MfWIQuC1HJhklLH1m2vA9PHbjgSaB2K3YbND5a3X2%2BLfD48DbofVaIlfBSiLt5qS67P6pW87%2FD4SAaqfDzVzLbrQWGdhq7pkG6AdNt0k4ofMj1Zs7Jeio4%2FpuQURwMtHC%2BdGtZvRVD7Vg7jt%2Ba1OK%2FwmHKBqOgBFaqqDFW5%2FRi0dQO2DbXb0qC6BdLyHwivhN7w%2Bo2a8CbihhMES3m58AMgre6YNgJwg9K4mpffaPy9LbojCPp3QL6hkZ1bHKWY71gZ4S9QnpVvJv3b6f9%2F0P8L&RelayState=%2Fcommunity%2Fs%2Farticle%2F90708&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=ThznbsjgVwDX5E2fOcNREcaH%2FaSSD9EIp6MP3c9O9BRVFL%2BETG3n1WQKapplpISRgUkLEs2XvRpJ4%2FfEmynkr5laH4rrAIgMNL%2FauqYIGWvzbdzfp44PkOGUBkHxgo52GjhshHBPyHqJjnvzIoNyIK2zhDBQXevq9etV7wnX7SprJpHX%2B6Ivskj5wAXJzi9SiMafMvUiUFyVq9YBhzd2ZpiTyiYia%2Bdgq4Z74sUIqOyz6bn2KjCKT%2FMqeFqyYYp5JU9CnQk%2BHAH2juQU%2F8MlrGtrRRtgf6fACGMOGria0Vu1wUDwnJiSdI%2BZSzShr%2Fg6Cl9mfaKuTItwlxiqQlbx7hvHEhgg2SNqyrRnJDzpYImSeIMjgHuUy2Iaf6O6J90GdKF4%2BDkCpyXVsm%2FkZhBA6D7uo9rj8tPfE7ml6Njhm9pFZxjuicbCI%2F4Zj66aC52RlpUZwlMgS2HpXOdbILUX8H2FXnm%2FCjDHEDGv49HusCmQehes1g0LzTXXwKkC1hWOYjwWb8uxNneaR0e552R6fjRns%2B2kG04C%2B8COLbJ7v7s3WlUDGBN%2BUa%2BE5q0QNpIYmIW1daXmOx%2FXRBoBdBwWZ1b3GtaBmRiEarb4rF1DgKa9P3SdQBb1M6SvjprcyHRtai7AxnIBW1KMFWB6mETzESVSFwO5KA80co5Aau7HfhM%3D) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BlackBerry | Enterprise Mobility Server | | 2.12 and above | Fixed | [link](https://login.blackberry.com/sso/SSORedirect/metaAlias/idp?SAMLRequest=fZNdc6owEIb%2FCpN7JFIqlal2KKio%2BFGgar05EyCWKCRAgqK%2F%2FlA9zvT0ojuzF5l9s%2B9u5snzS52l0hGXnDDaA%2B0WBBKmEYsJ%2FeyB92AoP4GX%2FjNHWZobZiUS6uGiwlxIzT3KjWuhB6qSGgxxwg2KMswNERm%2BOXMNtQWNvGSCRSwFksk5LkVjZDHKqwyXPi6PJMLvntsDiRA5NxSFV3nOStEKUxQdQlyW51bEMqXJrKJEnJWUfRL6wlkPQvuhA68Rdi8XINnNXIQicV3l3u8q%2F9mNc6b4%2FsLDMSlxJJQMC2SmBHGFxDmQxnYP%2FFEts4mNvEhOfDSzzdPP%2FCrr9vFjMig0OBtGswiZ52H6mK9Gbtev5FnViZ2HV3dnV3lSOPvSn2YCboaeFV5Q4Yx2K%2FQ%2B1RcPUzWin0%2F7j%2FlEI1OtULfqpNnC8arkIjaD3X6%2BtlVvF8JJvQqznJlx4MfWIQuC1HJhklLH1m2vA9PHbjgSaB2K3YbND5a3X2%2BLfD48DbofVaIlfBSiLt5qS67P6pW87%2FD4SAaqfDzVzLbrQWGdhq7pkG6AdNt0k4ofMj1Zs7Jeio4%2FpuQURwMtHC%2BdGtZvRVD7Vg7jt%2Ba1OK%2FwmHKBqOgBFaqqDFW5%2FRi0dQO2DbXb0qC6BdLyHwivhN7w%2Bo2a8CbihhMES3m58AMgre6YNgJwg9K4mpffaPy9LbojCPp3QL6hkZ1bHKWY71gZ4S9QnpVvJv3b6f9%2F0P8L&RelayState=%2Fcommunity%2Fs%2Farticle%2F90708&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=ThznbsjgVwDX5E2fOcNREcaH%2FaSSD9EIp6MP3c9O9BRVFL%2BETG3n1WQKapplpISRgUkLEs2XvRpJ4%2FfEmynkr5laH4rrAIgMNL%2FauqYIGWvzbdzfp44PkOGUBkHxgo52GjhshHBPyHqJjnvzIoNyIK2zhDBQXevq9etV7wnX7SprJpHX%2B6Ivskj5wAXJzi9SiMafMvUiUFyVq9YBhzd2ZpiTyiYia%2Bdgq4Z74sUIqOyz6bn2KjCKT%2FMqeFqyYYp5JU9CnQk%2BHAH2juQU%2F8MlrGtrRRtgf6fACGMOGria0Vu1wUDwnJiSdI%2BZSzShr%2Fg6Cl9mfaKuTItwlxiqQlbx7hvHEhgg2SNqyrRnJDzpYImSeIMjgHuUy2Iaf6O6J90GdKF4%2BDkCpyXVsm%2FkZhBA6D7uo9rj8tPfE7ml6Njhm9pFZxjuicbCI%2F4Zj66aC52RlpUZwlMgS2HpXOdbILUX8H2FXnm%2FCjDHEDGv49HusCmQehes1g0LzTXXwKkC1hWOYjwWb8uxNneaR0e552R6fjRns%2B2kG04C%2B8COLbJ7v7s3WlUDGBN%2BUa%2BE5q0QNpIYmIW1daXmOx%2FXRBoBdBwWZ1b3GtaBmRiEarb4rF1DgKa9P3SdQBb1M6SvjprcyHRtai7AxnIBW1KMFWB6mETzESVSFwO5KA80co5Aau7HfhM%3D) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BlackBerry | Workspaces On-Prem Server | | All | Fixed | [link](https://login.blackberry.com/sso/SSORedirect/metaAlias/idp?SAMLRequest=fZNdc6owEIb%2FCpN7JFIqlal2KKio%2BFGgar05EyCWKCRAgqK%2F%2FlA9zvT0ojuzF5l9s%2B9u5snzS52l0hGXnDDaA%2B0WBBKmEYsJ%2FeyB92AoP4GX%2FjNHWZobZiUS6uGiwlxIzT3KjWuhB6qSGgxxwg2KMswNERm%2BOXMNtQWNvGSCRSwFksk5LkVjZDHKqwyXPi6PJMLvntsDiRA5NxSFV3nOStEKUxQdQlyW51bEMqXJrKJEnJWUfRL6wlkPQvuhA68Rdi8XINnNXIQicV3l3u8q%2F9mNc6b4%2FsLDMSlxJJQMC2SmBHGFxDmQxnYP%2FFEts4mNvEhOfDSzzdPP%2FCrr9vFjMig0OBtGswiZ52H6mK9Gbtev5FnViZ2HV3dnV3lSOPvSn2YCboaeFV5Q4Yx2K%2FQ%2B1RcPUzWin0%2F7j%2FlEI1OtULfqpNnC8arkIjaD3X6%2BtlVvF8JJvQqznJlx4MfWIQuC1HJhklLH1m2vA9PHbjgSaB2K3YbND5a3X2%2BLfD48DbofVaIlfBSiLt5qS67P6pW87%2FD4SAaqfDzVzLbrQWGdhq7pkG6AdNt0k4ofMj1Zs7Jeio4%2FpuQURwMtHC%2BdGtZvRVD7Vg7jt%2Ba1OK%2FwmHKBqOgBFaqqDFW5%2FRi0dQO2DbXb0qC6BdLyHwivhN7w%2Bo2a8CbihhMES3m58AMgre6YNgJwg9K4mpffaPy9LbojCPp3QL6hkZ1bHKWY71gZ4S9QnpVvJv3b6f9%2F0P8L&RelayState=%2Fcommunity%2Fs%2Farticle%2F90708&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=ThznbsjgVwDX5E2fOcNREcaH%2FaSSD9EIp6MP3c9O9BRVFL%2BETG3n1WQKapplpISRgUkLEs2XvRpJ4%2FfEmynkr5laH4rrAIgMNL%2FauqYIGWvzbdzfp44PkOGUBkHxgo52GjhshHBPyHqJjnvzIoNyIK2zhDBQXevq9etV7wnX7SprJpHX%2B6Ivskj5wAXJzi9SiMafMvUiUFyVq9YBhzd2ZpiTyiYia%2Bdgq4Z74sUIqOyz6bn2KjCKT%2FMqeFqyYYp5JU9CnQk%2BHAH2juQU%2F8MlrGtrRRtgf6fACGMOGria0Vu1wUDwnJiSdI%2BZSzShr%2Fg6Cl9mfaKuTItwlxiqQlbx7hvHEhgg2SNqyrRnJDzpYImSeIMjgHuUy2Iaf6O6J90GdKF4%2BDkCpyXVsm%2FkZhBA6D7uo9rj8tPfE7ml6Njhm9pFZxjuicbCI%2F4Zj66aC52RlpUZwlMgS2HpXOdbILUX8H2FXnm%2FCjDHEDGv49HusCmQehes1g0LzTXXwKkC1hWOYjwWb8uxNneaR0e552R6fjRns%2B2kG04C%2B8COLbJ7v7s3WlUDGBN%2BUa%2BE5q0QNpIYmIW1daXmOx%2FXRBoBdBwWZ1b3GtaBmRiEarb4rF1DgKa9P3SdQBb1M6SvjprcyHRtai7AxnIBW1KMFWB6mETzESVSFwO5KA80co5Aau7HfhM%3D) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Blancco | All | | | Unknown | [link](https://support.blancco.com/display/NEWS/2021/12/12/CVE-2021-44228+-+Critical+vulnerability+in+Apache+Log4j+library) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Bluemind | All | | | Not Affected | [link](https://twitter.com/bluemind/status/1470379923034578946?s=20A) | This advisory is available to customer only and has not been reviewed by CISA. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| Blumira | All | | | Unknown | [link](https://www.blumira.com/cve-2021-44228-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | 3270 SUPEROPTIMIZER/CI | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | 3270 SUPEROPTIMIZER/CICS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Application Restart Control for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Application Restart Control for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Application Restart Control for VSAM | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Bladelogic Database Automation | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Apptune for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Backup and Recovery for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Batch Optimizer | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Capacity Management | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Catalog Manager for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Catalog Manager for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Change Manager for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Change Manager for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Change Manager for IMS for DBCTL | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Change Manager for IMS TM | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Change Manager Virtual Terminal for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Check for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Command Center for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Command Center for Security | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Console Management | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Copy for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Cost Management | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Data Packer for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Database Administration for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Database Advisor for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Database Performance for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Datastream for Ops | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Defender for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Defender for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Defender for McAfee DAM | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Defender for Ops Insight | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Defender for z/Linux | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Defender for z/OS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Defender for z/OS GSIP Package | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Defender TCP/IP Receiver | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Defender z/VM | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI DevOps for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Energizer for IMS Connect | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Enterprise Connector | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Extended Terminal Assist for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Fast Path Indexer for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Fast Path Online Analyzer for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Fast Path Online Image Copy for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Fast Path Online Reorg for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Fast Path Online Restructure for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Fast Path Recovery for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Fast Path Restart for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Integrity for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Large Object Management for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Load for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI LOBMaster for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Log Analyzer for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Log Master for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Message Advisor for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Online Reorg for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Ops Automation | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Ops Automation for Capping | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Ops Common Rest API (CRA) | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Ops for Networks | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Ops Infrastructure (MVI) - CRA | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Ops Insight | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Ops Monitor for CICS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Ops Monitor for CMF | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Ops Monitor for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Ops Monitor for IMS Offline | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Ops Monitor for IMS Online | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Ops Monitor for IP | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Ops Monitor for JE | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Ops Monitor for MQ | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Ops Monitor for USS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Ops Monitor for WAS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Ops Monitor for z/OS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Ops Monitor SYSPROG Services | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Ops UI | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Partitioned Database Facility for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Pointer Checker for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Pool Advisor for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Recover for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Recovery for VSAM | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Recovery Manager for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Reorg for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Reorg for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Security Administrator | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Security Policy Manager | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Security Privileged Access Manager (BMC AMI Security Breakglass) | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Security Self Service Password Reset | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI SQL Explorer for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI SQL Performance for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Stats for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Storage | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Unload for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Utility Mangement for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Utility Mangemer for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC AMI Utlities for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Application Accelerator for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Check Plus for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Client Gateway (Kaazing) | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Client Management | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware Abend-Aid | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware Application Audit | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware DevEnterprise | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware Enterprise Common Components (ECC) | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware Enterprise Services (CES) | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware File-AID Data Privacy | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware File-AID Data Solutions | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware File-AID for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware File-AID for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware File-AID/MVS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware File-AID/RDX | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware Hiperstation ALL Product Offerings | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware ISPW | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware iStrobe | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware Program Analyzer | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware Storage Backup and Recovery | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware Storage Migration | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware Storage Performance | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware Strobe | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware ThruPut Manager | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware Topaz Connect (including NXPromote) | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware Topaz Enterprise Data | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware Topaz for Java Performance | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware Topaz for Total Test | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware Topaz Program Analysis | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware Topaz Workbench | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware Topaz Xpediter/CICS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware Topaz Xpediter/Code Coverage | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware Topaz Xpediter/TSO and IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware Topaz Xpediter/Xchange | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Compuware Topaz zAdviser | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC COPE for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC DASD Manger for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Database Recovery Management | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Db2 Plus Utilities | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Defender Agent Configuration Manager | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Defender Agent for SAP | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Defender Agent for Unix/Linux | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Defender Agent for Windows | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Defender App for Splunk | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Defender SIEM Correlation Server | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Defender SIEM for Motorola | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Defender SIEM for NNT | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Defender SyslogDefender | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Defender Windows Agent for Splunk | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Digital Workplace Advanced (DWPA) | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Digital Workplace Basic (DWP) | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Digital Workplace Catalog (DWPC) | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Discovery | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Discovery for z/OS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix Business Workflows | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix Continuous Optimization (REE) | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix Continuous Optimization - Agents | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix Data Manager | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix Discovery | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix Discovery Outpost | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix ITSM | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix ITSM | | 21.x | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix Knowledge Management | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Helix Platform | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC License Usage Collection Utility | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC LOADPLUS for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC MainView Explorer | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC MainView Middleware Administrator | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC MainView Middleware Monitor | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC MainView Transaction Analyzer | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC MainView Vistapoint & Energizer | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC MAXM Reorg for IMS with Online/Defrag Feature | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC MAXM Reorg/EP for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC MAXM Reorg/EP for IMS with Online/Defrag Feature | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Next Generation Logger (NGL) | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Opertune for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC PATROL Agent | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC PATROL Agent (TSOM & BHOM) | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC PATROL for Linux KM | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC PATROL for Sybase | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC PATROL Knowledge Modules - PATROL KM | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | Except Sybase and Linux | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Plus Utilities | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Remedy AR System | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Remedy CMDB | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Remedy ITSM | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Remedy Mid-Tier | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Remedy SLM | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Remedy Smart Reporting | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Remedy SmartIT | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Remedy SRM | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Reorg Plus for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC RSSO Agent | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC RSSO Auth Proxy | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC RSSO DataTransfer Tool | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC RSSO Server | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Runtime Component System (RTCS) | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC TrueSight Automation Console | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC TrueSight Automation for Networks | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC TrueSight Automation for Servers - Data Wharehouse | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC TrueSight Capacity Optimization | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC TrueSight Capacity Optimization - Agents | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC TrueSight Operations Management - App Visibility Manager | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC TrueSight Operations Management - Infrastructure Management | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC TrueSight Operations Management - IT Data Analytics | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC TrueSight Operations Management - Presenttion Server | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC TrueSight Operations Management Reporting | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC TrueSight Orchestration | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC TrueSight Server Automation | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC TrueSight Smart Reporting | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC TrueSight Smart Reporting Platform | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC TrueSight Vulnerability Management | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC TSCO for Mainframes | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC Unload Plus for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | BMC User Interface Middleware (UIM) | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Change Accumulation Plus | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Concurrent Reorg Facility | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Conditional Image Copy | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Control-M | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | DASD Manager Plus for Db2 | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Data Accelerator Compression | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Delta IMS DB/DC | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Delta IMS Virtual Terminal | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | ExceptionReporter | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Extended Buffer Manager | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Fast Path Analyzer/EP | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Fast Path Facility | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Fast Path Facility/EP | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Fast Path Reorg/EP | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | FASTCOPY | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | FASTCPK | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | FDR | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | FDR/UPSTREAM | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | FDRABR | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | FDRERASE | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | FDRMOVE | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | FDRPAS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | FDRPASVM | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | FDRREORG | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Footprints | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | IAM | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Image Copy Plus | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | LOADPLUS for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | LOADPLUS/EP for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Local Copy Plus | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Partner KMs Hardware Sentry Open Telemetry Collector | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Partner KMs Storage All-in-One ETL for BMC Truesight Capacity Optimization | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Partner KMs Storage Analyzer for PATROL | | | Fixed | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Prefix Resolution Plus | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Prefix Update for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Recovery Advisor for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Recovery Manager for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Recovery Plus for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Release Package and Deployment | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Release Process Management | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Resident Security Server | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Secondary Index Utility | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Secondary Index Utility/EP | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Snapshot Upgrade Feature | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | Track-It! | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | ULTRAOPT/CICS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | ULTRAOPT/IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | UNLOAD PLUS for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | UNLOAD PLUS/EP for IMS | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | UXF for IMS (non product) | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | -| BMC | zDetect | | | Not Affected | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BeyondTrust Bomgar | | | | Unknown | [link](https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BioMerieux | | | | Unknown | [link](https://www.biomerieux.com/en/cybersecurity-data-privacy) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | +| BisectHosting | | | | Unknown | [link](https://www.bisecthosting.com/clients/index.php?rp=/knowledgebase/205/Java-Log4j-Vulnerability.html) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BitDefender | | | | Unknown | [link](https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BitNami By VMware | | | | Unknown | [link](https://docs.bitnami.com/general/security/security-2021-12-10/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BitRise | | | | Unknown | [link](https://blog.bitrise.io/post/bitrises-response-to-log4j-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Bitwarden | | | | Unknown | [link](https://community.bitwarden.com/t/log4j-log4shell-cve-is-bitwarden-affected-due-to-docker-image/36177/2) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Biztory | Fivetran | | | Unknown | [link](https://www.biztory.com/blog/apache-log4j2-vulnerability) | | Vendor review indicated Fivetran is not vulnerable to Log4j2 | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Black Kite | | | | Unknown | [link](https://blackkite.com/log4j-rce-vulnerability-log4shell-puts-millions-at-risk/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Blancco | | | | Unknown | [link](https://support.blancco.com/display/NEWS/2021/12/12/CVE-2021-44228+-+Critical+vulnerability+in+Apache+Log4j+library) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| Blumira | | | | Unknown | [link](https://www.blumira.com/cve-2021-44228-log4shell/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Bladelogic Database Automation | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Ops | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC AMI Products | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Compuware | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix Automation Console | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix Business Workflows | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix Client Management | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix Cloud Cost | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix Cloud Security | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix CMDB | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix Continuous Optimization | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix Control-M | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix Digital Workplace | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix Discovery | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix ITSM | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix Knowledge Management | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix Operations Management with AIOps | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix Platform | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix platform | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix Remediate | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix Remediate | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix Remedyforce | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | BMC Helix Virtual Agent | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Cloud Lifecycle Management | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Control-M | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Footprints | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | MainView Middleware Administrator | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | MainView Middleware Monitor | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Remedy ITSM (IT Service Management) | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | SmartIT | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | Track-It! | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | TrueSight Automation for Networks | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | TrueSight Automation for Servers | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | TrueSight Capacity Optimization | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | TrueSight Infrastructure Management | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | TrueSight Operations Management | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | +| BMC | TrueSight Orchestration | | | Unknown | [link](https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | | Bosch | | | | Unknown | [link](https://bosch-iot-suite.com/news/apache-log4j-rce-vulnerability/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 | | Boston Scientific | | | | Unknown | [link](https://www.bostonscientific.com/content/dam/bostonscientific/corporate/product-security/bsc_statement_on_apache_log4j-v1.pdf) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | Box | | | | Unknown | [link](https://blog.box.com/boxs-statement-recent-log4j-vulnerability-cve-2021-44228) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 | diff --git a/data/cisagov.yml b/data/cisagov.yml index 53171c1..ea7a263 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -11116,7 +11116,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BBraun - product: APEX Compounder + product: APEX® Compounder cves: cve-2021-4104: investigated: false @@ -11146,7 +11146,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: BBraun - product: DoseTrac Server, DoseLink Server, and Space® Online Suite Server software + product: DoseTrac® Server, DoseLink™ Server, and Space® Online Suite Server software cves: cve-2021-4104: investigated: false @@ -11176,7 +11176,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: BBraun - product: Outlook Safety Infusion System Pump family + product: Outlook® Safety Infusion System Pump family cves: cve-2021-4104: investigated: false @@ -11206,7 +11206,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: BBraun - product: Pinnacle Compounder + product: Pinnacle® Compounder cves: cve-2021-4104: investigated: false @@ -11236,7 +11236,7 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: BBraun - product: Pump, SpaceStation, and Space Wireless Battery + product: Pump, SpaceStation, and Space® Wireless Battery) cves: cve-2021-4104: investigated: false @@ -11266,8 +11266,8 @@ software: - '' last_updated: '2022-01-31T00:00:00' - vendor: BBraun - product: Space Infusion Pump family (Infusomat Space Infusion Pump, Perfusor Space - Infusion + product: Space® Infusion Pump family (Infusomat® Space® Infusion Pump, Perfusor® + Space® Infusion cves: cve-2021-4104: investigated: false @@ -11296,8 +11296,8 @@ software: references: - '' last_updated: '2022-01-31T00:00:00' - - vendor: BCT - product: BerichtenCentrale (BCE) & Integrations + - vendor: BD + product: Arctic Sun™ Analytics cves: cve-2021-4104: investigated: false @@ -11305,11 +11305,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -11321,14 +11320,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 - notes: This advisory is available to customer only and has not been reviewed by - CISA. + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: BCT - product: CORSA + - vendor: BD + product: BD Diabetes Care App Cloud cves: cve-2021-4104: investigated: false @@ -11336,11 +11334,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -11352,14 +11349,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 - notes: This advisory is available to customer only and has not been reviewed by - CISA. + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: BCT - product: e-Invoice + - vendor: BD + product: BD HealthSight™ Clinical Advisor cves: cve-2021-4104: investigated: false @@ -11367,10 +11363,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 2.10.210 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -11383,14 +11378,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 - notes: This advisory is available to customer only and has not been reviewed by - CISA. + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: BCT - product: IDT + - vendor: BD + product: BD HealthSight™ Data Manager cves: cve-2021-4104: investigated: false @@ -11398,11 +11392,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -11414,14 +11407,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 - notes: This advisory is available to customer only and has not been reviewed by - CISA. + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: BCT - product: iGEN + - vendor: BD + product: BD HealthSight™ Diversion Management cves: cve-2021-4104: investigated: false @@ -11429,11 +11421,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -11445,14 +11436,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 - notes: This advisory is available to customer only and has not been reviewed by - CISA. + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: BCT - product: LIBER + - vendor: BD + product: BD HealthSight™ Infection Advisor cves: cve-2021-4104: investigated: false @@ -11460,10 +11450,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - 1.125.3 + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -11476,14 +11465,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://support.bctsoftware.com/hc/nl/signin?return_to=https%3A%2F%2Fsupport.bctsoftware.com%2Fhc%2Fnl%2Farticles%2F4413416591761 - notes: This advisory is available to customer only and has not been reviewed by - CISA. + - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + notes: '' references: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: Alaris CC Plus Guardrails Syringe Pump + product: BD HealthSight™ Inventory Optimization Analytics cves: cve-2021-4104: investigated: false @@ -11491,11 +11479,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -11513,7 +11500,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: Alaris CC Plus Syringe Pump + product: BD HealthSight™ Medication Safety cves: cve-2021-4104: investigated: false @@ -11521,11 +11508,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -11543,7 +11529,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: Alaris Enteral Plus Syringe Pump + product: BD Knowledge Portal for BD Pyxis™ Supply cves: cve-2021-4104: investigated: false @@ -11551,11 +11537,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -11573,7 +11558,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: Alaris Gateway Workstation + product: BD Knowledge Portal for Infusion Technologies cves: cve-2021-4104: investigated: false @@ -11581,11 +11566,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -11603,7 +11587,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: Alaris GP Plus Guardrails Volumetric Pump + product: BD Knowledge Portal for Medication Technologies cves: cve-2021-4104: investigated: false @@ -11611,11 +11595,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -11633,7 +11616,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: Alaris GP Plus Volumetric Pump + product: BD Synapsys™ Informatics Solution cves: cve-2021-4104: investigated: false @@ -11641,11 +11624,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -11663,7 +11645,7 @@ software: - '' last_updated: '2021-12-20T00:00:00' - vendor: BD - product: Alaris PK Plus Syringe Pump + product: BD Veritor™ COVID At Home Solution Cloud cves: cve-2021-4104: investigated: false @@ -11671,11 +11653,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -11692,8 +11673,8 @@ software: references: - '' last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: Alaris Technical Utility (ATU) + - vendor: Beckman Coulter + product: Access 2 (Immunoassay System) cves: cve-2021-4104: investigated: false @@ -11705,7 +11686,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11717,13 +11698,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: Alaris TiVA Syringe Pump + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ac•T 5diff (Hematology) cves: cve-2021-4104: investigated: false @@ -11735,7 +11716,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11747,13 +11728,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: Alaris VP Plus Guardrails Volumetric Pump + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ac•T Family (Hematology) cves: cve-2021-4104: investigated: false @@ -11765,7 +11746,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11777,13 +11758,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Accuri C6 Plus + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU2700 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -11795,7 +11776,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11807,13 +11788,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Action Manager + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU480 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -11825,7 +11806,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11837,13 +11818,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris Auto-ID Module Model + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU5400 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -11855,7 +11836,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11867,13 +11848,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris Communications Engine + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU5800 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -11885,7 +11866,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11897,13 +11878,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris CQI Event Reporter + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU640 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -11915,7 +11896,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11927,13 +11908,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris Guardrails Editor + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AU680 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -11945,7 +11926,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11957,13 +11938,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris Infusion Central + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 1200 (Lab Automation) cves: cve-2021-4104: investigated: false @@ -11975,7 +11956,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -11987,13 +11968,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris neXus CC Syringe Pump + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 1250 (Lab Automation) cves: cve-2021-4104: investigated: false @@ -12005,7 +11986,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12017,13 +11998,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris neXus Editor v5.0 + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 2500 (Lab Automation) cves: cve-2021-4104: investigated: false @@ -12035,7 +12016,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12047,13 +12028,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris neXus GP Volumetric Pump + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: AutoMate 2550 (Lab Automation) cves: cve-2021-4104: investigated: false @@ -12065,7 +12046,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12077,13 +12058,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris PCA Module Model 8120 + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxA 5000 (Lab Automation) cves: cve-2021-4104: investigated: false @@ -12095,7 +12076,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12107,13 +12088,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris Plus Editor + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxA 5000 Fit (Lab Automation) cves: cve-2021-4104: investigated: false @@ -12125,7 +12106,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12137,13 +12118,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris Point-of-Care Software + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 500 (Hematology) cves: cve-2021-4104: investigated: false @@ -12155,7 +12136,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12167,13 +12148,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris Point-of-Care Unit (PCU) Model 8015 + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 520 (Hematology) cves: cve-2021-4104: investigated: false @@ -12185,7 +12166,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12197,13 +12178,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris Pump Module Model 8100 + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 560 (Hematology) cves: cve-2021-4104: investigated: false @@ -12215,7 +12196,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12227,13 +12208,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris Syringe Module Model 8110 + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 600 (Hematology) cves: cve-2021-4104: investigated: false @@ -12245,7 +12226,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12257,13 +12238,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris System Mainetnance + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 690T (Hematology) cves: cve-2021-4104: investigated: false @@ -12275,7 +12256,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12287,13 +12268,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Alaris Systems Manager + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 800 (Hematology) cves: cve-2021-4104: investigated: false @@ -12305,7 +12286,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12317,13 +12298,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Arctic Sun Analytics + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH 900 (Hematology) cves: cve-2021-4104: investigated: false @@ -12335,7 +12316,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12347,13 +12328,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD BACTEC 9050 + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH SMS (Hematology) cves: cve-2021-4104: investigated: false @@ -12365,7 +12346,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12377,13 +12358,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD BACTEC 9120 + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxH SMS II (Hematology) cves: cve-2021-4104: investigated: false @@ -12395,7 +12376,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12407,13 +12388,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD BACTEC 9240 + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM Autoplak (Microbiology) cves: cve-2021-4104: investigated: false @@ -12425,7 +12406,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12437,13 +12418,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD BACTEC FX + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM WalkAway 1040 (Microbiology) cves: cve-2021-4104: investigated: false @@ -12455,7 +12436,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12467,13 +12448,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD BACTEC FX40 + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxM WalkAway 1096 (Microbiology) cves: cve-2021-4104: investigated: false @@ -12485,7 +12466,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12497,13 +12478,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD BACTEC MGIT + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Command Central (Information Systems) cves: cve-2021-4104: investigated: false @@ -12513,9 +12494,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' + fixed_versions: + - All + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -12527,13 +12508,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Customers can follow instructions to remove log4j references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Care Coordination Engine (CCE) + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Insights (Information Systems) cves: cve-2021-4104: investigated: false @@ -12543,9 +12524,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: + fixed_versions: - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -12557,13 +12538,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: Patch has been applied. references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Cato + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Inventory Manager (Information Systems) cves: cve-2021-4104: investigated: false @@ -12575,7 +12556,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12587,13 +12568,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD COR + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxONE Workflow Manager (Information Systems) cves: cve-2021-4104: investigated: false @@ -12605,7 +12586,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12617,13 +12598,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Diabetes Care App Cloud + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxU Workcell (Urinalysis) cves: cve-2021-4104: investigated: false @@ -12635,7 +12616,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12647,13 +12628,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD EpiCenter + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxUc (Urinalysis) cves: cve-2021-4104: investigated: false @@ -12665,7 +12646,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12677,13 +12658,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACS Lyse Wash Assistant + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: DxUm (Urinalysis) cves: cve-2021-4104: investigated: false @@ -12695,7 +12676,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12707,13 +12688,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACS Sample Prep Assistant (SPA) III + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HighFlexX Software (Microbiology) cves: cve-2021-4104: investigated: false @@ -12725,7 +12706,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12737,13 +12718,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACS Workflow Manager + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HmX (Hematology) cves: cve-2021-4104: investigated: false @@ -12755,7 +12736,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12767,13 +12748,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSAria Fusion + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: HmX AL (Hematology) cves: cve-2021-4104: investigated: false @@ -12785,7 +12766,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12797,13 +12778,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSAria II + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iChemVELOCITY (Urinalysis) cves: cve-2021-4104: investigated: false @@ -12815,7 +12796,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12827,13 +12808,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSAria III + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: IMMAGE 800 (Nephelometry) cves: cve-2021-4104: investigated: false @@ -12845,7 +12826,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12857,13 +12838,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSCalibur + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Intelligent Sample Banking ISB (Lab Automation) cves: cve-2021-4104: investigated: false @@ -12875,7 +12856,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12887,13 +12868,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSCanto 10-color + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Ipaw (Lab Automation) cves: cve-2021-4104: investigated: false @@ -12905,7 +12886,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12917,13 +12898,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSCanto 10-color clinical + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iQ Workcell (Urinalysis) cves: cve-2021-4104: investigated: false @@ -12935,7 +12916,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12947,13 +12928,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSCanto II (w Diva 9.0) + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iQ200 (Urinalysis) cves: cve-2021-4104: investigated: false @@ -12965,7 +12946,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -12977,13 +12958,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSCanto II clinical + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: iRICELL (Urinalysis) cves: cve-2021-4104: investigated: false @@ -12995,7 +12976,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13007,13 +12988,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSCelesta + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LabPro Workstation and Database Computers Provided by Beckman Coulter + (Microbiology) cves: cve-2021-4104: investigated: false @@ -13022,10 +13004,10 @@ software: unaffected_versions: [] cve-2021-44228: investigated: true - affected_versions: [] + affected_versions: + - All fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -13037,13 +13019,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates + notes: The only known instance of vulnerability due to Log4J is using Axeda services references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSCount + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH 500 (Hematology) cves: cve-2021-4104: investigated: false @@ -13055,7 +13037,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13067,13 +13049,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSDuet + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH Slidemaker (Hematology) cves: cve-2021-4104: investigated: false @@ -13085,7 +13067,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13097,13 +13079,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSLink + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH Slidestraine (Hematology) cves: cve-2021-4104: investigated: false @@ -13115,7 +13097,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13127,13 +13109,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSLyric + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH750 (Hematology) cves: cve-2021-4104: investigated: false @@ -13145,7 +13127,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13157,13 +13139,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSMelody + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH780 (Hematology) cves: cve-2021-4104: investigated: false @@ -13175,7 +13157,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13187,13 +13169,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSPresto + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: LH785 (Hematology) cves: cve-2021-4104: investigated: false @@ -13205,7 +13187,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13217,13 +13199,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSVerse + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: MicroScan autoSCAN-4 (Microbiology) cves: cve-2021-4104: investigated: false @@ -13235,7 +13217,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13247,13 +13229,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSVia + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PK7300 (Blood Bank) cves: cve-2021-4104: investigated: false @@ -13265,7 +13247,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13277,13 +13259,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSymphony A1 + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PK7400 (Blood Bank) cves: cve-2021-4104: investigated: false @@ -13295,7 +13277,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13307,13 +13289,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSymphony A3 + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Express (Lab Automation) cves: cve-2021-4104: investigated: false @@ -13325,7 +13307,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13337,13 +13319,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSymphony A5 + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Link (Lab Automation) cves: cve-2021-4104: investigated: false @@ -13355,7 +13337,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13367,13 +13349,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD FACSymphony S6 + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Power Processor (Lab Automation) cves: cve-2021-4104: investigated: false @@ -13385,7 +13367,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13397,13 +13379,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HD Check System + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: PROService (Information Systems) cves: cve-2021-4104: investigated: false @@ -13415,7 +13397,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13427,13 +13409,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight Clinical Advisor + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: RAP Box (Information Systems) cves: cve-2021-4104: investigated: false @@ -13445,7 +13427,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13457,13 +13439,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight Data Manager + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: REMISOL ADVANCE (Information Systems) cves: cve-2021-4104: investigated: false @@ -13475,7 +13457,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13487,13 +13469,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight Diversion Management + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Sorting Drive (Lab Automation) cves: cve-2021-4104: investigated: false @@ -13505,7 +13487,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13517,13 +13499,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight Infection Advisor + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxC 600 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -13535,7 +13517,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13547,13 +13529,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight Inventory Optimization Analytics + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxC 800 (Chemistry System) cves: cve-2021-4104: investigated: false @@ -13565,7 +13547,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13577,13 +13559,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD HealthSight Medication Safety + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxI 600 (Immunoassay System) cves: cve-2021-4104: investigated: false @@ -13595,7 +13577,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13607,13 +13589,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Intelliport + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: Unicel DxI 800 (Immunoassay System) cves: cve-2021-4104: investigated: false @@ -13625,7 +13607,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13637,13 +13619,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Intelliport + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 40 plus (Microbiology) cves: cve-2021-4104: investigated: false @@ -13655,7 +13637,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13667,13 +13649,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Intelliport Medication Management System + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 40 SI (Microbiology) cves: cve-2021-4104: investigated: false @@ -13685,7 +13667,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13697,13 +13679,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Inventory Connect + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 96 plus (Microbiology) cves: cve-2021-4104: investigated: false @@ -13715,7 +13697,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13727,13 +13709,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Kiestra InoquIA + last_updated: '2022-01-31T00:00:00' + - vendor: Beckman Coulter + product: WalkAway 96 SI (Microbiology) cves: cve-2021-4104: investigated: false @@ -13745,7 +13727,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - All cve-2021-45046: investigated: false affected_versions: [] @@ -13757,13 +13739,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Kiestra InoquIA+ + last_updated: '2022-01-31T00:00:00' + - vendor: Beijer Electronics + product: acirro+ cves: cve-2021-4104: investigated: false @@ -13771,11 +13753,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -13787,13 +13768,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Knowledge Portal for BD Pyxis Supply + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: BFI frequency inverters cves: cve-2021-4104: investigated: false @@ -13801,11 +13782,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -13817,13 +13797,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Knowledge Portal for Infusion Technologies + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: BSD servo drives cves: cve-2021-4104: investigated: false @@ -13831,11 +13811,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -13847,10833 +13826,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Knowledge Portal for Medication Technologies - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD MAX - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Phoenix 100 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Phoenix AP - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Phoenix M50 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Prevue II Peripheral Vascular Access System - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Probetec - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis Anesthesia Station 4000 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis Anesthesia Station ES - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis CIISafe - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis CUBIE System - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis ES System - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis IV Prep - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis Logistics (Pyxis Pharmogistics) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis Med Link Queue & Waste - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis MedBank - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis MedStation 4000 System - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis Medstation ES - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis Order Viewer - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis ParAssist - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis PARx - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis PharmoPack - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis RapidRx - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis ReadyMed - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis SupplyStation - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis Tissue & Implant Management System - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Pyxis Track and Deliver - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD ReadyMed - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Remote Support Services (RSS) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Rhapsody Single-Cell Analysis System - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Rowa Dose (Windows 10 platform) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Rowa Dose (Windows 7 Workstations only) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Rowa Pouch Packaging Systems - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Rowa ProLog - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Rowa Smart - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Rowa Vmax - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Sensica Urine Output System - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Site~Rite 8 Ultrasound Systems - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Synapsys Informatics Solution - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Totalys DataLink - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Totalys Multiprocessor - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Totalys SlidePrep - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Veritor - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Veritor COVID At Home Solution Cloud - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Viper LT - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: BD Viper XTR - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: CoreLite - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: EnCor Enspire Breast Biopsy System - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: EnCor Ultra Breast Biopsy System - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: FlowJo Portal - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: FlowJo Software - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: Influx - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: LSRFortessa - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: LSRFortessa X-20 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: PleurX - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: QUANTAFLO Peripheral Arterial Disease Test - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: Restock Order - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: SeqGeq Software - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: Sherlock 3CG Standalone Tip Confirmation Systems - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: Site~Rite PICC Ultrasound Systems - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: Site~Rite Prevue Plus Ultrasound Systems - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: BD - product: Specimen Collection Verification - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://cybersecurity.bd.com/bulletins-and-patches/third-party-vulnerability-apache-log4j - notes: '' - references: - - '' - last_updated: '2021-12-20T00:00:00' - - vendor: Beckman Coulter - product: Access 2 (Immunoassay System) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Ac•T 5diff (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Ac•T Family (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AU2700 (Chemistry System) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AU480 (Chemistry System) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AU5400 (Chemistry System) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AU5800 (Chemistry System) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AU640 (Chemistry System) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AU680 (Chemistry System) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AutoMate 1200 (Lab Automation) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AutoMate 1250 (Lab Automation) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AutoMate 2500 (Lab Automation) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: AutoMate 2550 (Lab Automation) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxA 5000 (Lab Automation) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxA 5000 Fit (Lab Automation) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxH 500 (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxH 520 (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxH 560 (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxH 600 (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxH 690T (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxH 800 (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxH 900 (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxH SMS (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxH SMS II (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxM Autoplak (Microbiology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxM WalkAway 1040 (Microbiology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxM WalkAway 1096 (Microbiology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxONE Command Central (Information Systems) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: Customers can follow instructions to remove log4j - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxONE Insights (Information Systems) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: Patch has been applied. - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxONE Inventory Manager (Information Systems) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxONE Workflow Manager (Information Systems) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxU Workcell (Urinalysis) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxUc (Urinalysis) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: DxUm (Urinalysis) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: HighFlexX Software (Microbiology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: HmX (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: HmX AL (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: iChemVELOCITY (Urinalysis) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: IMMAGE 800 (Nephelometry) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Intelligent Sample Banking ISB (Lab Automation) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Ipaw (Lab Automation) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: iQ Workcell (Urinalysis) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: iQ200 (Urinalysis) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: iRICELL (Urinalysis) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: LabPro Workstation and Database Computers Provided by Beckman Coulter - (Microbiology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: - - All - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: The only known instance of vulnerability due to Log4J is using Axeda services - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: LH 500 (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: LH Slidemaker (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: LH Slidestraine (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: LH750 (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: LH780 (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: LH785 (Hematology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: MicroScan autoSCAN-4 (Microbiology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: PK7300 (Blood Bank) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: PK7400 (Blood Bank) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Power Express (Lab Automation) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Power Link (Lab Automation) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Power Processor (Lab Automation) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: PROService (Information Systems) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: RAP Box (Information Systems) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: REMISOL ADVANCE (Information Systems) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Sorting Drive (Lab Automation) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Unicel DxC 600 (Chemistry System) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Unicel DxC 800 (Chemistry System) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Unicel DxI 600 (Immunoassay System) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: Unicel DxI 800 (Immunoassay System) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: WalkAway 40 plus (Microbiology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: WalkAway 40 SI (Microbiology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: WalkAway 96 plus (Microbiology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beckman Coulter - product: WalkAway 96 SI (Microbiology) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beckmancoulter.com/en/about-beckman-coulter/product-security/product-security-updates - notes: '' - references: - - '' - last_updated: '2022-01-31T00:00:00' - - vendor: Beijer Electronics - product: acirro+ - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: BFI frequency inverters - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: BSD servo drives - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: CloudVPN - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: FnIO-G and M Distributed IO - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: iX Developer - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: Nexto modular PLC - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: Nexto Xpress compact controller - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Beijer Electronics - product: WARP Engineering Studio - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: Belden - product: Hirschmann Networking Devices and Software Tools - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://hirschmann-support.belden.com/file.php/18672XKMWSCRYGG186719202C5BA4/Hirschmann_Statement_Log4j_Vulnerability_Dec2021.pdf - notes: Hirschmann is a brand of Belden. - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Bender - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.bender.de/en/cert - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Best Practical - product: Request Tracker (RT) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Best Practical - product: Request Tracker for Incident Response (RTIR) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BeyondTrust - product: Privilege Management Cloud - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell - notes: '' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: BeyondTrust - product: Privilege Management Reporting in BeyondInsight - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '21.2' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell - notes: '' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: BeyondTrust - product: Secure Remote Access appliances - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell - notes: '' - references: - - '' - last_updated: '2021-12-17T00:00:00' - - vendor: BigBlueButton - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://github.com/bigbluebutton/bigbluebutton/issues/13897 - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: BioJava - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://github.com/biojava/biojava/releases/tag/biojava-6.0.4 - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: BioMerieux - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.biomerieux.com/en/cybersecurity-data-privacy - notes: '' - references: - - '' - last_updated: '2021-12-22T00:00:00' - - vendor: BisectHosting - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.bisecthosting.com/clients/index.php?rp=/knowledgebase/205/Java-Log4j-Vulnerability.html - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BitDefender - product: GravityZone On-Prem - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BitNami By VMware - product: '' - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://docs.bitnami.com/general/security/security-2021-12-10/ - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BitRise - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://blog.bitrise.io/post/bitrises-response-to-log4j-vulnerability-cve-2021-44228 - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Bitwarden - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - All - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bitwarden.com/t/log4j-log4shell-cve-is-bitwarden-affected-due-to-docker-image/36177/2 - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Biztory - product: Fivetran - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.biztory.com/blog/apache-log4j2-vulnerability - notes: '' - references: - - Vendor review indicated Fivetran is not vulnerable to Log4j2 - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Black Kite - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://blackkite.com/log4j-rce-vulnerability-log4shell-puts-millions-at-risk/ - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BlackBerry - product: 2FA - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://login.blackberry.com/sso/SSORedirect/metaAlias/idp?SAMLRequest=fZNdc6owEIb%2FCpN7JFIqlal2KKio%2BFGgar05EyCWKCRAgqK%2F%2FlA9zvT0ojuzF5l9s%2B9u5snzS52l0hGXnDDaA%2B0WBBKmEYsJ%2FeyB92AoP4GX%2FjNHWZobZiUS6uGiwlxIzT3KjWuhB6qSGgxxwg2KMswNERm%2BOXMNtQWNvGSCRSwFksk5LkVjZDHKqwyXPi6PJMLvntsDiRA5NxSFV3nOStEKUxQdQlyW51bEMqXJrKJEnJWUfRL6wlkPQvuhA68Rdi8XINnNXIQicV3l3u8q%2F9mNc6b4%2FsLDMSlxJJQMC2SmBHGFxDmQxnYP%2FFEts4mNvEhOfDSzzdPP%2FCrr9vFjMig0OBtGswiZ52H6mK9Gbtev5FnViZ2HV3dnV3lSOPvSn2YCboaeFV5Q4Yx2K%2FQ%2B1RcPUzWin0%2F7j%2FlEI1OtULfqpNnC8arkIjaD3X6%2BtlVvF8JJvQqznJlx4MfWIQuC1HJhklLH1m2vA9PHbjgSaB2K3YbND5a3X2%2BLfD48DbofVaIlfBSiLt5qS67P6pW87%2FD4SAaqfDzVzLbrQWGdhq7pkG6AdNt0k4ofMj1Zs7Jeio4%2FpuQURwMtHC%2BdGtZvRVD7Vg7jt%2Ba1OK%2FwmHKBqOgBFaqqDFW5%2FRi0dQO2DbXb0qC6BdLyHwivhN7w%2Bo2a8CbihhMES3m58AMgre6YNgJwg9K4mpffaPy9LbojCPp3QL6hkZ1bHKWY71gZ4S9QnpVvJv3b6f9%2F0P8L&RelayState=%2Fcommunity%2Fs%2Farticle%2F90708&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=ThznbsjgVwDX5E2fOcNREcaH%2FaSSD9EIp6MP3c9O9BRVFL%2BETG3n1WQKapplpISRgUkLEs2XvRpJ4%2FfEmynkr5laH4rrAIgMNL%2FauqYIGWvzbdzfp44PkOGUBkHxgo52GjhshHBPyHqJjnvzIoNyIK2zhDBQXevq9etV7wnX7SprJpHX%2B6Ivskj5wAXJzi9SiMafMvUiUFyVq9YBhzd2ZpiTyiYia%2Bdgq4Z74sUIqOyz6bn2KjCKT%2FMqeFqyYYp5JU9CnQk%2BHAH2juQU%2F8MlrGtrRRtgf6fACGMOGria0Vu1wUDwnJiSdI%2BZSzShr%2Fg6Cl9mfaKuTItwlxiqQlbx7hvHEhgg2SNqyrRnJDzpYImSeIMjgHuUy2Iaf6O6J90GdKF4%2BDkCpyXVsm%2FkZhBA6D7uo9rj8tPfE7ml6Njhm9pFZxjuicbCI%2F4Zj66aC52RlpUZwlMgS2HpXOdbILUX8H2FXnm%2FCjDHEDGv49HusCmQehes1g0LzTXXwKkC1hWOYjwWb8uxNneaR0e552R6fjRns%2B2kG04C%2B8COLbJ7v7s3WlUDGBN%2BUa%2BE5q0QNpIYmIW1daXmOx%2FXRBoBdBwWZ1b3GtaBmRiEarb4rF1DgKa9P3SdQBb1M6SvjprcyHRtai7AxnIBW1KMFWB6mETzESVSFwO5KA80co5Aau7HfhM%3D - notes: This advisory is available to customer only and has not been reviewed by - CISA. - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BlackBerry - product: Enterprise Mobility Server - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - 2.12 and above - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://login.blackberry.com/sso/SSORedirect/metaAlias/idp?SAMLRequest=fZNdc6owEIb%2FCpN7JFIqlal2KKio%2BFGgar05EyCWKCRAgqK%2F%2FlA9zvT0ojuzF5l9s%2B9u5snzS52l0hGXnDDaA%2B0WBBKmEYsJ%2FeyB92AoP4GX%2FjNHWZobZiUS6uGiwlxIzT3KjWuhB6qSGgxxwg2KMswNERm%2BOXMNtQWNvGSCRSwFksk5LkVjZDHKqwyXPi6PJMLvntsDiRA5NxSFV3nOStEKUxQdQlyW51bEMqXJrKJEnJWUfRL6wlkPQvuhA68Rdi8XINnNXIQicV3l3u8q%2F9mNc6b4%2FsLDMSlxJJQMC2SmBHGFxDmQxnYP%2FFEts4mNvEhOfDSzzdPP%2FCrr9vFjMig0OBtGswiZ52H6mK9Gbtev5FnViZ2HV3dnV3lSOPvSn2YCboaeFV5Q4Yx2K%2FQ%2B1RcPUzWin0%2F7j%2FlEI1OtULfqpNnC8arkIjaD3X6%2BtlVvF8JJvQqznJlx4MfWIQuC1HJhklLH1m2vA9PHbjgSaB2K3YbND5a3X2%2BLfD48DbofVaIlfBSiLt5qS67P6pW87%2FD4SAaqfDzVzLbrQWGdhq7pkG6AdNt0k4ofMj1Zs7Jeio4%2FpuQURwMtHC%2BdGtZvRVD7Vg7jt%2Ba1OK%2FwmHKBqOgBFaqqDFW5%2FRi0dQO2DbXb0qC6BdLyHwivhN7w%2Bo2a8CbihhMES3m58AMgre6YNgJwg9K4mpffaPy9LbojCPp3QL6hkZ1bHKWY71gZ4S9QnpVvJv3b6f9%2F0P8L&RelayState=%2Fcommunity%2Fs%2Farticle%2F90708&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=ThznbsjgVwDX5E2fOcNREcaH%2FaSSD9EIp6MP3c9O9BRVFL%2BETG3n1WQKapplpISRgUkLEs2XvRpJ4%2FfEmynkr5laH4rrAIgMNL%2FauqYIGWvzbdzfp44PkOGUBkHxgo52GjhshHBPyHqJjnvzIoNyIK2zhDBQXevq9etV7wnX7SprJpHX%2B6Ivskj5wAXJzi9SiMafMvUiUFyVq9YBhzd2ZpiTyiYia%2Bdgq4Z74sUIqOyz6bn2KjCKT%2FMqeFqyYYp5JU9CnQk%2BHAH2juQU%2F8MlrGtrRRtgf6fACGMOGria0Vu1wUDwnJiSdI%2BZSzShr%2Fg6Cl9mfaKuTItwlxiqQlbx7hvHEhgg2SNqyrRnJDzpYImSeIMjgHuUy2Iaf6O6J90GdKF4%2BDkCpyXVsm%2FkZhBA6D7uo9rj8tPfE7ml6Njhm9pFZxjuicbCI%2F4Zj66aC52RlpUZwlMgS2HpXOdbILUX8H2FXnm%2FCjDHEDGv49HusCmQehes1g0LzTXXwKkC1hWOYjwWb8uxNneaR0e552R6fjRns%2B2kG04C%2B8COLbJ7v7s3WlUDGBN%2BUa%2BE5q0QNpIYmIW1daXmOx%2FXRBoBdBwWZ1b3GtaBmRiEarb4rF1DgKa9P3SdQBb1M6SvjprcyHRtai7AxnIBW1KMFWB6mETzESVSFwO5KA80co5Aau7HfhM%3D - notes: This advisory is available to customer only and has not been reviewed by - CISA. - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BlackBerry - product: Workspaces On-Prem Server - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - All - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://login.blackberry.com/sso/SSORedirect/metaAlias/idp?SAMLRequest=fZNdc6owEIb%2FCpN7JFIqlal2KKio%2BFGgar05EyCWKCRAgqK%2F%2FlA9zvT0ojuzF5l9s%2B9u5snzS52l0hGXnDDaA%2B0WBBKmEYsJ%2FeyB92AoP4GX%2FjNHWZobZiUS6uGiwlxIzT3KjWuhB6qSGgxxwg2KMswNERm%2BOXMNtQWNvGSCRSwFksk5LkVjZDHKqwyXPi6PJMLvntsDiRA5NxSFV3nOStEKUxQdQlyW51bEMqXJrKJEnJWUfRL6wlkPQvuhA68Rdi8XINnNXIQicV3l3u8q%2F9mNc6b4%2FsLDMSlxJJQMC2SmBHGFxDmQxnYP%2FFEts4mNvEhOfDSzzdPP%2FCrr9vFjMig0OBtGswiZ52H6mK9Gbtev5FnViZ2HV3dnV3lSOPvSn2YCboaeFV5Q4Yx2K%2FQ%2B1RcPUzWin0%2F7j%2FlEI1OtULfqpNnC8arkIjaD3X6%2BtlVvF8JJvQqznJlx4MfWIQuC1HJhklLH1m2vA9PHbjgSaB2K3YbND5a3X2%2BLfD48DbofVaIlfBSiLt5qS67P6pW87%2FD4SAaqfDzVzLbrQWGdhq7pkG6AdNt0k4ofMj1Zs7Jeio4%2FpuQURwMtHC%2BdGtZvRVD7Vg7jt%2Ba1OK%2FwmHKBqOgBFaqqDFW5%2FRi0dQO2DbXb0qC6BdLyHwivhN7w%2Bo2a8CbihhMES3m58AMgre6YNgJwg9K4mpffaPy9LbojCPp3QL6hkZ1bHKWY71gZ4S9QnpVvJv3b6f9%2F0P8L&RelayState=%2Fcommunity%2Fs%2Farticle%2F90708&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=ThznbsjgVwDX5E2fOcNREcaH%2FaSSD9EIp6MP3c9O9BRVFL%2BETG3n1WQKapplpISRgUkLEs2XvRpJ4%2FfEmynkr5laH4rrAIgMNL%2FauqYIGWvzbdzfp44PkOGUBkHxgo52GjhshHBPyHqJjnvzIoNyIK2zhDBQXevq9etV7wnX7SprJpHX%2B6Ivskj5wAXJzi9SiMafMvUiUFyVq9YBhzd2ZpiTyiYia%2Bdgq4Z74sUIqOyz6bn2KjCKT%2FMqeFqyYYp5JU9CnQk%2BHAH2juQU%2F8MlrGtrRRtgf6fACGMOGria0Vu1wUDwnJiSdI%2BZSzShr%2Fg6Cl9mfaKuTItwlxiqQlbx7hvHEhgg2SNqyrRnJDzpYImSeIMjgHuUy2Iaf6O6J90GdKF4%2BDkCpyXVsm%2FkZhBA6D7uo9rj8tPfE7ml6Njhm9pFZxjuicbCI%2F4Zj66aC52RlpUZwlMgS2HpXOdbILUX8H2FXnm%2FCjDHEDGv49HusCmQehes1g0LzTXXwKkC1hWOYjwWb8uxNneaR0e552R6fjRns%2B2kG04C%2B8COLbJ7v7s3WlUDGBN%2BUa%2BE5q0QNpIYmIW1daXmOx%2FXRBoBdBwWZ1b3GtaBmRiEarb4rF1DgKa9P3SdQBb1M6SvjprcyHRtai7AxnIBW1KMFWB6mETzESVSFwO5KA80co5Aau7HfhM%3D - notes: This advisory is available to customer only and has not been reviewed by - CISA. - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Blancco - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://support.blancco.com/display/NEWS/2021/12/12/CVE-2021-44228+-+Critical+vulnerability+in+Apache+Log4j+library - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Bluemind - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 3.5.x - - 4.x - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://twitter.com/bluemind/status/1470379923034578946?s=20A - notes: This advisory is available to customer only and has not been reviewed by - CISA. - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: Blumira - product: All - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://www.blumira.com/cve-2021-44228-log4shell/ - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: 3270 SUPEROPTIMIZER/CI - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: 3270 SUPEROPTIMIZER/CICS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Application Restart Control for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Application Restart Control for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Application Restart Control for VSAM - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Bladelogic Database Automation - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Apptune for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Backup and Recovery for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Batch Optimizer - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Capacity Management - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Catalog Manager for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Catalog Manager for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Change Manager for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Change Manager for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Change Manager for IMS for DBCTL - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Change Manager for IMS TM - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Change Manager Virtual Terminal for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Check for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Command Center for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Command Center for Security - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Console Management - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Copy for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Cost Management - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Data Packer for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Database Administration for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Database Advisor for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Database Performance for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Datastream for Ops - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Defender for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Defender for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Defender for McAfee DAM - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Defender for Ops Insight - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Defender for z/Linux - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Defender for z/OS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Defender for z/OS GSIP Package - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Defender TCP/IP Receiver - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Defender z/VM - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI DevOps for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Energizer for IMS Connect - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Enterprise Connector - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Extended Terminal Assist for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Fast Path Indexer for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Fast Path Online Analyzer for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Fast Path Online Image Copy for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Fast Path Online Reorg for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Fast Path Online Restructure for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Fast Path Recovery for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Fast Path Restart for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Integrity for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Large Object Management for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Load for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI LOBMaster for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Log Analyzer for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Log Master for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Message Advisor for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Online Reorg for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Automation - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Automation for Capping - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Common Rest API (CRA) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops for Networks - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Infrastructure (MVI) - CRA - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Insight - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Monitor for CICS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Monitor for CMF - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Monitor for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Monitor for IMS Offline - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Monitor for IMS Online - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Monitor for IP - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Monitor for JE - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Monitor for MQ - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Monitor for USS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Monitor for WAS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Monitor for z/OS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops Monitor SYSPROG Services - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Ops UI - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Partitioned Database Facility for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Pointer Checker for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Pool Advisor for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Recover for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Recovery for VSAM - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Recovery Manager for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Reorg for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Reorg for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Security Administrator - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Security Policy Manager - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Security Privileged Access Manager (BMC AMI Security Breakglass) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Security Self Service Password Reset - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI SQL Explorer for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI SQL Performance for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Stats for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Storage - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Unload for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Utility Mangement for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Utility Mangemer for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC AMI Utlities for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Application Accelerator for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Check Plus for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Client Gateway (Kaazing) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Client Management - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Abend-Aid - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Application Audit - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware DevEnterprise - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Enterprise Common Components (ECC) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Enterprise Services (CES) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware File-AID Data Privacy - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware File-AID Data Solutions - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware File-AID for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware File-AID for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware File-AID/MVS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware File-AID/RDX - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Hiperstation ALL Product Offerings - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware ISPW - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware iStrobe - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Program Analyzer - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Storage Backup and Recovery - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Storage Migration - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Storage Performance - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Strobe - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware ThruPut Manager - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Topaz Connect (including NXPromote) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Topaz Enterprise Data - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Topaz for Java Performance - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Topaz for Total Test - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Topaz Program Analysis - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Topaz Workbench - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Topaz Xpediter/CICS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Topaz Xpediter/Code Coverage - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Topaz Xpediter/TSO and IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Topaz Xpediter/Xchange - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Compuware Topaz zAdviser - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC COPE for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC DASD Manger for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Database Recovery Management - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Db2 Plus Utilities - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Defender Agent Configuration Manager - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Defender Agent for SAP - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Defender Agent for Unix/Linux - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Defender Agent for Windows - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Defender App for Splunk - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Defender SIEM Correlation Server - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Defender SIEM for Motorola - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Defender SIEM for NNT - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Defender SyslogDefender - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Defender Windows Agent for Splunk - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Digital Workplace Advanced (DWPA) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Digital Workplace Basic (DWP) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Digital Workplace Catalog (DWPC) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Discovery - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Discovery for z/OS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Business Workflows - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Continuous Optimization (REE) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Continuous Optimization - Agents - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Data Manager - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Discovery - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Discovery Outpost - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix ITSM - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - 21.x and below - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix ITSM - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - 21.x - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Knowledge Management - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Helix Platform - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC License Usage Collection Utility - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC LOADPLUS for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC MainView Explorer - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC MainView Middleware Administrator - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC MainView Middleware Monitor - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC MainView Transaction Analyzer - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC MainView Vistapoint & Energizer - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC MAXM Reorg for IMS with Online/Defrag Feature - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC MAXM Reorg/EP for IMS - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC MAXM Reorg/EP for IMS with Online/Defrag Feature - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Next Generation Logger (NGL) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Opertune for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC PATROL Agent - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC PATROL Agent (TSOM & BHOM) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC PATROL for Linux KM - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC PATROL for Sybase - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC PATROL Knowledge Modules - PATROL KM - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: Except Sybase and Linux - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Plus Utilities - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Remedy AR System - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Remedy CMDB - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Remedy ITSM - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Remedy Mid-Tier - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Remedy SLM - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Remedy Smart Reporting - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Remedy SmartIT - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Remedy SRM - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Reorg Plus for Db2 - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC RSSO Agent - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC RSSO Auth Proxy - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC RSSO DataTransfer Tool - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC RSSO Server - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Runtime Component System (RTCS) - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Automation Console - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Automation for Networks - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Automation for Servers - Data Wharehouse - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Capacity Optimization - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Capacity Optimization - Agents - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Operations Management - App Visibility Manager - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Operations Management - Infrastructure Management - cves: - cve-2021-4104: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Operations Management - IT Data Analytics + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: CloudVPN cves: cve-2021-4104: investigated: false @@ -24681,41 +13840,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Operations Management - Presenttion Server - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -24727,13 +13855,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Operations Management Reporting + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: FnIO-G and M Distributed IO cves: cve-2021-4104: investigated: false @@ -24741,41 +13869,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Orchestration - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' cve-2021-45046: investigated: false affected_versions: [] @@ -24787,13 +13884,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Server Automation + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: iX Developer cves: cve-2021-4104: investigated: false @@ -24801,41 +13898,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] - cve-2021-45046: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - cve-2021-45105: - investigated: false - affected_versions: [] - fixed_versions: [] - unaffected_versions: [] - vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability - notes: '' - references: - - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Smart Reporting - cves: - cve-2021-4104: investigated: false affected_versions: [] fixed_versions: [] unaffected_versions: [] - cve-2021-44228: - investigated: true - affected_versions: [] - fixed_versions: - - '' - unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -24847,13 +13913,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Smart Reporting Platform + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: Nexto modular PLC cves: cve-2021-4104: investigated: false @@ -24861,10 +13927,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -24877,13 +13942,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TrueSight Vulnerability Management + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: Nexto Xpress compact controller cves: cve-2021-4104: investigated: false @@ -24891,10 +13956,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -24907,13 +13971,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC TSCO for Mainframes + last_updated: '2021-12-22T00:00:00' + - vendor: Beijer Electronics + product: WARP Engineering Studio cves: cve-2021-4104: investigated: false @@ -24921,11 +13985,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -24937,13 +14000,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www05.beijerelectronics.com/en/news---events/news/2021/Important___information___regarding___Log4Shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC Unload Plus for Db2 + last_updated: '2021-12-22T00:00:00' + - vendor: Bender + product: '' cves: cve-2021-4104: investigated: false @@ -24951,11 +14014,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -24967,13 +14029,14 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.bender.de/en/cert notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: BMC User Interface Middleware (UIM) + - vendor: Best Practical Request Tracker (RT) and Request Tracker for Incident Response + (RTIR) + product: '' cves: cve-2021-4104: investigated: false @@ -24981,11 +14044,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -24997,13 +14059,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://bestpractical.com/blog/2021/12/request-tracker-rt-and-request-tracker-for-incident-response-rtir-do-not-use-log4j notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Change Accumulation Plus + - vendor: BeyondTrust + product: Privilege Management Cloud cves: cve-2021-4104: investigated: false @@ -25013,9 +14075,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' + fixed_versions: + - Unknown + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25027,13 +14089,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Concurrent Reorg Facility + last_updated: '2021-12-17T00:00:00' + - vendor: BeyondTrust + product: Privilege Management Reporting in BeyondInsight cves: cve-2021-4104: investigated: false @@ -25043,9 +14105,9 @@ software: cve-2021-44228: investigated: true affected_versions: [] - fixed_versions: [] - unaffected_versions: - - '' + fixed_versions: + - '21.2' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25057,13 +14119,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Conditional Image Copy + last_updated: '2021-12-17T00:00:00' + - vendor: BeyondTrust + product: Secure Remote Access appliances cves: cve-2021-4104: investigated: false @@ -25075,7 +14137,7 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: - - '' + - Unknown cve-2021-45046: investigated: false affected_versions: [] @@ -25087,13 +14149,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.beyondtrust.com/blog/entry/security-advisory-apache-log4j2-cve-2021-44228-log4shell notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Control-M + last_updated: '2021-12-17T00:00:00' + - vendor: BeyondTrust Bomgar + product: '' cves: cve-2021-4104: investigated: false @@ -25101,10 +14163,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -25117,13 +14178,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://beyondtrustcorp.service-now.com/kb_view.do?sysparm_article=KB0016542 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: DASD Manager Plus for Db2 + - vendor: BioMerieux + product: '' cves: cve-2021-4104: investigated: false @@ -25131,11 +14192,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25147,13 +14207,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.biomerieux.com/en/cybersecurity-data-privacy notes: '' references: - '' - last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Data Accelerator Compression + last_updated: '2021-12-22T00:00:00' + - vendor: BisectHosting + product: '' cves: cve-2021-4104: investigated: false @@ -25161,11 +14221,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25177,13 +14236,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.bisecthosting.com/clients/index.php?rp=/knowledgebase/205/Java-Log4j-Vulnerability.html notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Delta IMS DB/DC + - vendor: BitDefender + product: '' cves: cve-2021-4104: investigated: false @@ -25191,11 +14250,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25207,13 +14265,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://businessinsights.bitdefender.com/security-advisory-bitdefender-response-to-critical-0-day-apache-log4j2-vulnerability notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Delta IMS Virtual Terminal + - vendor: BitNami By VMware + product: '' cves: cve-2021-4104: investigated: false @@ -25221,11 +14279,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25237,13 +14294,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://docs.bitnami.com/general/security/security-2021-12-10/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: ExceptionReporter + - vendor: BitRise + product: '' cves: cve-2021-4104: investigated: false @@ -25251,11 +14308,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25267,13 +14323,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://blog.bitrise.io/post/bitrises-response-to-log4j-vulnerability-cve-2021-44228 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Extended Buffer Manager + - vendor: Bitwarden + product: '' cves: cve-2021-4104: investigated: false @@ -25281,11 +14337,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25297,13 +14352,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://community.bitwarden.com/t/log4j-log4shell-cve-is-bitwarden-affected-due-to-docker-image/36177/2 notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Fast Path Analyzer/EP + - vendor: Biztory + product: Fivetran cves: cve-2021-4104: investigated: false @@ -25311,11 +14366,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25327,13 +14381,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.biztory.com/blog/apache-log4j2-vulnerability notes: '' references: - - '' + - Vendor review indicated Fivetran is not vulnerable to Log4j2 last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Fast Path Facility + - vendor: Black Kite + product: '' cves: cve-2021-4104: investigated: false @@ -25341,11 +14395,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25357,13 +14410,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://blackkite.com/log4j-rce-vulnerability-log4shell-puts-millions-at-risk/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Fast Path Facility/EP + - vendor: Blancco + product: '' cves: cve-2021-4104: investigated: false @@ -25371,11 +14424,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25387,13 +14439,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://support.blancco.com/display/NEWS/2021/12/12/CVE-2021-44228+-+Critical+vulnerability+in+Apache+Log4j+library notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - - vendor: BMC - product: Fast Path Reorg/EP + - vendor: Blumira + product: '' cves: cve-2021-4104: investigated: false @@ -25401,11 +14453,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25417,13 +14468,13 @@ software: fixed_versions: [] unaffected_versions: [] vendor_links: - - https://community.bmc.com/s/news/aA33n000000TSUdCAO/bmc-security-advisory-for-cve202144228-log4shell-vulnerability + - https://www.blumira.com/cve-2021-44228-log4shell/ notes: '' references: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: FASTCOPY + product: Bladelogic Database Automation cves: cve-2021-4104: investigated: false @@ -25431,11 +14482,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25453,7 +14503,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: FASTCPK + product: BMC AMI Ops cves: cve-2021-4104: investigated: false @@ -25461,11 +14511,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25483,7 +14532,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: FDR + product: BMC AMI Products cves: cve-2021-4104: investigated: false @@ -25491,11 +14540,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25513,7 +14561,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: FDR/UPSTREAM + product: BMC Compuware cves: cve-2021-4104: investigated: false @@ -25521,11 +14569,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25543,7 +14590,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: FDRABR + product: BMC Helix Automation Console cves: cve-2021-4104: investigated: false @@ -25551,11 +14598,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25573,7 +14619,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: FDRERASE + product: BMC Helix Business Workflows cves: cve-2021-4104: investigated: false @@ -25581,11 +14627,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25603,7 +14648,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: FDRMOVE + product: BMC Helix Client Management cves: cve-2021-4104: investigated: false @@ -25611,11 +14656,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25633,7 +14677,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: FDRPAS + product: BMC Helix Cloud Cost cves: cve-2021-4104: investigated: false @@ -25641,11 +14685,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25663,7 +14706,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: FDRPASVM + product: BMC Helix Cloud Security cves: cve-2021-4104: investigated: false @@ -25671,11 +14714,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25693,7 +14735,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: FDRREORG + product: BMC Helix CMDB cves: cve-2021-4104: investigated: false @@ -25701,11 +14743,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25723,7 +14764,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Footprints + product: BMC Helix Continuous Optimization cves: cve-2021-4104: investigated: false @@ -25731,11 +14772,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25753,7 +14793,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: IAM + product: BMC Helix Control-M cves: cve-2021-4104: investigated: false @@ -25761,11 +14801,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25783,7 +14822,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Image Copy Plus + product: BMC Helix Digital Workplace cves: cve-2021-4104: investigated: false @@ -25791,11 +14830,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25813,7 +14851,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: LOADPLUS for IMS + product: BMC Helix Discovery cves: cve-2021-4104: investigated: false @@ -25821,11 +14859,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25843,7 +14880,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: LOADPLUS/EP for IMS + product: BMC Helix ITSM cves: cve-2021-4104: investigated: false @@ -25851,11 +14888,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25873,7 +14909,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Local Copy Plus + product: BMC Helix Knowledge Management cves: cve-2021-4104: investigated: false @@ -25881,11 +14917,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -25903,7 +14938,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Partner KMs Hardware Sentry Open Telemetry Collector + product: BMC Helix Operations Management with AIOps cves: cve-2021-4104: investigated: false @@ -25911,10 +14946,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -25933,7 +14967,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Partner KMs Storage All-in-One ETL for BMC Truesight Capacity Optimization + product: BMC Helix Platform cves: cve-2021-4104: investigated: false @@ -25941,10 +14975,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -25963,7 +14996,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Partner KMs Storage Analyzer for PATROL + product: BMC Helix platform cves: cve-2021-4104: investigated: false @@ -25971,10 +15004,9 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] - fixed_versions: - - '' + fixed_versions: [] unaffected_versions: [] cve-2021-45046: investigated: false @@ -25993,7 +15025,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Prefix Resolution Plus + product: BMC Helix Remediate cves: cve-2021-4104: investigated: false @@ -26001,11 +15033,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -26023,7 +15054,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Prefix Update for IMS + product: BMC Helix Remediate cves: cve-2021-4104: investigated: false @@ -26031,11 +15062,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -26053,7 +15083,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Recovery Advisor for IMS + product: BMC Helix Remedyforce cves: cve-2021-4104: investigated: false @@ -26061,11 +15091,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -26083,7 +15112,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Recovery Manager for IMS + product: BMC Helix Virtual Agent cves: cve-2021-4104: investigated: false @@ -26091,11 +15120,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -26113,7 +15141,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Recovery Plus for IMS + product: Cloud Lifecycle Management cves: cve-2021-4104: investigated: false @@ -26121,11 +15149,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -26143,7 +15170,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Release Package and Deployment + product: Control-M cves: cve-2021-4104: investigated: false @@ -26151,11 +15178,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -26173,7 +15199,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Release Process Management + product: Footprints cves: cve-2021-4104: investigated: false @@ -26181,11 +15207,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -26203,7 +15228,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Resident Security Server + product: MainView Middleware Administrator cves: cve-2021-4104: investigated: false @@ -26211,11 +15236,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -26233,7 +15257,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Secondary Index Utility + product: MainView Middleware Monitor cves: cve-2021-4104: investigated: false @@ -26241,11 +15265,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -26263,7 +15286,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Secondary Index Utility/EP + product: Remedy ITSM (IT Service Management) cves: cve-2021-4104: investigated: false @@ -26271,11 +15294,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -26293,7 +15315,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: Snapshot Upgrade Feature + product: SmartIT cves: cve-2021-4104: investigated: false @@ -26301,11 +15323,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -26331,11 +15352,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -26353,7 +15373,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: ULTRAOPT/CICS + product: TrueSight Automation for Networks cves: cve-2021-4104: investigated: false @@ -26361,11 +15381,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -26383,7 +15402,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: ULTRAOPT/IMS + product: TrueSight Automation for Servers cves: cve-2021-4104: investigated: false @@ -26391,11 +15410,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -26413,7 +15431,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: UNLOAD PLUS for IMS + product: TrueSight Capacity Optimization cves: cve-2021-4104: investigated: false @@ -26421,11 +15439,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -26443,7 +15460,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: UNLOAD PLUS/EP for IMS + product: TrueSight Infrastructure Management cves: cve-2021-4104: investigated: false @@ -26451,11 +15468,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -26473,7 +15489,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: UXF for IMS (non product) + product: TrueSight Operations Management cves: cve-2021-4104: investigated: false @@ -26481,11 +15497,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] @@ -26503,7 +15518,7 @@ software: - '' last_updated: '2022-01-12T07:18:50+00:00' - vendor: BMC - product: zDetect + product: TrueSight Orchestration cves: cve-2021-4104: investigated: false @@ -26511,11 +15526,10 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: true + investigated: false affected_versions: [] fixed_versions: [] - unaffected_versions: - - '' + unaffected_versions: [] cve-2021-45046: investigated: false affected_versions: [] diff --git a/data/cisagov_B.yml b/data/cisagov_B.yml index 382dcb6..560395b 100644 --- a/data/cisagov_B.yml +++ b/data/cisagov_B.yml @@ -313,7 +313,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '1.8 - 1.9.4.1' + - 1.8 - 1.9.4.1 unaffected_versions: [] cve-2021-45046: investigated: false @@ -402,7 +402,7 @@ software: investigated: true affected_versions: [] fixed_versions: - - '4.18.0 onwards' + - 4.18.0 onwards unaffected_versions: [] cve-2021-45046: investigated: false From c721b9ec74235865a718bcd60c9bd715ad0224fe Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 16 Feb 2022 14:21:11 -0500 Subject: [PATCH 260/268] Add subdirectory, and README file --- software_lists/README.md | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 software_lists/README.md diff --git a/software_lists/README.md b/software_lists/README.md new file mode 100644 index 0000000..e166f08 --- /dev/null +++ b/software_lists/README.md @@ -0,0 +1,29 @@ +# CISA Log4j (CVE-2021-44228) Affected Vendor & Software Lists + +## Contributing Guidelines ## + +We welcome contributions! Please see [`CONTRIBUTING.md`](CONTRIBUTING.md) for +details. + +### Creating a pull request ### + +Instructions for creating a pull request using the GitHub Web UI can be found +in [`PULL-EXAMPLE.md`](PULL-EXAMPLE.md). + +## Software Lists ## + +To view the lists of vendors & software click below: +[0-9](software_lists/software_list_Non-Alphabet.md) [A](software_lists/software_list_a.md) +[B](software_lists/software_list_b.md) [C](software_lists/software_list_c.md) +[D](software_lists/software_list_d.md) [E](software_lists/software_list_e.md) +[F](software_lists/software_list_f.md) [G](software_lists/software_list_g.md) +[H](software_lists/software_list_h.md) [I](software_lists/software_list_i.md) +[J](software_lists/software_list_j.md) [K](software_lists/software_list_k.md) +[L](software_lists/software_list_l.md) [M](software_lists/software_list_m.md) +[N](software_lists/software_list_n.md) [O](software_lists/software_list_o.md) +[P](software_lists/software_list_p.md) [Q](software_lists/software_list_q.md) +[R](software_lists/software_list_r.md) [S](software_lists/software_list_s.md) +[T](software_lists/software_list_t.md) [U](software_lists/software_list_u.md) +[V](software_lists/software_list_v.md) [W](software_lists/software_list_w.md) +[X](software_lists/software_list_x.md) [Y](software_lists/software_list_y.md) +[Z](software_list_z.md) From c7a9c73b12ff301e631ef66aa6a10945937c3c49 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 16 Feb 2022 14:23:03 -0500 Subject: [PATCH 261/268] Remove subdirectory --- software_lists/README.md | 29 ----------------------------- 1 file changed, 29 deletions(-) delete mode 100644 software_lists/README.md diff --git a/software_lists/README.md b/software_lists/README.md deleted file mode 100644 index e166f08..0000000 --- a/software_lists/README.md +++ /dev/null @@ -1,29 +0,0 @@ -# CISA Log4j (CVE-2021-44228) Affected Vendor & Software Lists - -## Contributing Guidelines ## - -We welcome contributions! Please see [`CONTRIBUTING.md`](CONTRIBUTING.md) for -details. - -### Creating a pull request ### - -Instructions for creating a pull request using the GitHub Web UI can be found -in [`PULL-EXAMPLE.md`](PULL-EXAMPLE.md). - -## Software Lists ## - -To view the lists of vendors & software click below: -[0-9](software_lists/software_list_Non-Alphabet.md) [A](software_lists/software_list_a.md) -[B](software_lists/software_list_b.md) [C](software_lists/software_list_c.md) -[D](software_lists/software_list_d.md) [E](software_lists/software_list_e.md) -[F](software_lists/software_list_f.md) [G](software_lists/software_list_g.md) -[H](software_lists/software_list_h.md) [I](software_lists/software_list_i.md) -[J](software_lists/software_list_j.md) [K](software_lists/software_list_k.md) -[L](software_lists/software_list_l.md) [M](software_lists/software_list_m.md) -[N](software_lists/software_list_n.md) [O](software_lists/software_list_o.md) -[P](software_lists/software_list_p.md) [Q](software_lists/software_list_q.md) -[R](software_lists/software_list_r.md) [S](software_lists/software_list_s.md) -[T](software_lists/software_list_t.md) [U](software_lists/software_list_u.md) -[V](software_lists/software_list_v.md) [W](software_lists/software_list_w.md) -[X](software_lists/software_list_x.md) [Y](software_lists/software_list_y.md) -[Z](software_list_z.md) From 9930309651c95a49ce5a66fbe6673d56b90f39d1 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 16 Feb 2022 14:27:07 -0500 Subject: [PATCH 262/268] Add vendor link AWS --- data/cisagov_A.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index f15fbf7..177266c 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -2834,7 +2834,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Amazon Linux 1 had aws apitools which were Java based but these were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 From 19747ceab58fd9e045dfac644b513fd39ba4ddd4 Mon Sep 17 00:00:00 2001 From: cisagovbot <65734717+cisagovbot@users.noreply.github.com> Date: Wed, 16 Feb 2022 19:32:07 +0000 Subject: [PATCH 263/268] Update the software list --- SOFTWARE-LIST.md | 2 +- data/cisagov.yml | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 05c5123..3e5dfc1 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -122,7 +122,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to | Amazon | API Gateway | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | Amazon | Athena | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | Amazon | Athena JDBC Driver | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | All versions vended to customers were not affected. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | -| Amazon | AWS | | | Not Affected | | Amazon Linux 1 had aws apitools which were Java based but these were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | +| Amazon | AWS | | | Not Affected | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Amazon Linux 1 had aws apitools which were Java based but these were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 and amzn2-ami-kernel-5.10-hvm-2.0.20211201.0-x86_64-gp2. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-15 | | Amazon | AWS AppFlow | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | Amazon | AWS AppSync | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | Updated to mitigate the issues identified in CVE-2021-44228 and CVE-2021-45046. | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | | Amazon | AWS Certificate Manager | | | Fixed | [link](https://aws.amazon.com/security/security-bulletins/AWS-2021-006/) | | | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-20 | diff --git a/data/cisagov.yml b/data/cisagov.yml index ea7a263..f681472 100644 --- a/data/cisagov.yml +++ b/data/cisagov.yml @@ -3015,7 +3015,8 @@ software: affected_versions: [] fixed_versions: [] unaffected_versions: [] - vendor_links: [] + vendor_links: + - https://aws.amazon.com/security/security-bulletins/AWS-2021-006/ notes: Amazon Linux 1 had aws apitools which were Java based but these were deprecated in 2015 [AWS Forum](https://forums.aws.amazon.com/thread.jspa?threadID=323611). AMIs used to inspect and verify (base spin ups) - amzn-ami-hvm-2018.03.0.20200318.1-x86_64-gp2 From ad71ef369b933e709e051873c50298e2ddaf2345 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Wed, 23 Feb 2022 20:11:49 -0500 Subject: [PATCH 264/268] Update pre-commit hooks Update pre-commit hooks using `pre-commit autoupdate`. --- .pre-commit-config.yaml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index b8dcbe0..e6dc7b7 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -31,7 +31,7 @@ repos: # Text file hooks - repo: https://github.com/igorshubovych/markdownlint-cli - rev: v0.30.0 + rev: v0.31.1 hooks: - id: markdownlint args: @@ -49,7 +49,7 @@ repos: # pre-commit hooks - repo: https://github.com/pre-commit/pre-commit - rev: v2.16.0 + rev: v2.17.0 hooks: - id: validate_manifest @@ -75,13 +75,13 @@ repos: # Python hooks - repo: https://github.com/PyCQA/bandit - rev: 1.7.1 + rev: 1.7.2 hooks: - id: bandit args: - --config=.bandit.yml - repo: https://github.com/psf/black - rev: 21.12b0 + rev: 22.1.0 hooks: - id: black - repo: https://gitlab.com/pycqa/flake8 @@ -105,14 +105,14 @@ repos: # Ansible hooks - repo: https://github.com/ansible-community/ansible-lint - rev: v5.3.2 + rev: v5.4.0 hooks: - id: ansible-lint # files: molecule/default/playbook.yml # Terraform hooks - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.62.3 + rev: v1.64.0 hooks: - id: terraform_fmt - id: terraform_validate From a05b45adf9d817ee50357470363e212c4b6f81a0 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Fri, 25 Feb 2022 08:26:08 -0500 Subject: [PATCH 265/268] Add comment to Dependabot configuration This comment explains that the configuration may have commented out ignore directives that should be uncommented in downstream projects. --- .github/dependabot.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a3bcd94..5792ed9 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,5 +1,10 @@ --- +# Any ignore directives should be uncommented in downstream projects to disable +# Dependabot updates for the given dependency. Downstream projects will get +# these updates when the pull request(s) in the appropriate skeleton are merged +# and Lineage processes these changes. + version: 2 updates: - package-ecosystem: "github-actions" From 77b20ab3d7822b66715db168240b25e72d1c4ed0 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Fri, 25 Feb 2022 08:27:32 -0500 Subject: [PATCH 266/268] Disable comments-indentation rule for yamllint yamllint does not like it when you comment out pieces of dictionaries in lists. Upcoming additions to the Dependabot configuration will run afoul of this so we are updating the yamllint configuration. --- .yamllint | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.yamllint b/.yamllint index 7ed00eb..76a1cce 100644 --- a/.yamllint +++ b/.yamllint @@ -2,6 +2,12 @@ extends: default rules: + # yamllint does not like it when you comment out different parts of + # dictionaries in a list. You can see + # https://github.com/adrienverge/yamllint/issues/384 for some examples of + # this behavior. + comments-indentation: disable + # yamllint doesn't like when we use yes and no for true and false, # but that's pretty standard in Ansible. truthy: disable From 706bdeda5a2adbf27919a217603aa127d63975f8 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Fri, 25 Feb 2022 11:21:37 -0500 Subject: [PATCH 267/268] Use asterisks for emphasis- and strong-styles Given the inconsistent behavior of underscores used within words for style we should prefer asterisks now that these rules are available. --- .mdl_config.yaml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.mdl_config.yaml b/.mdl_config.yaml index b36f943..15a1a7c 100644 --- a/.mdl_config.yaml +++ b/.mdl_config.yaml @@ -48,3 +48,13 @@ MD035: MD046: # Enforce the fenced style for code blocks style: "fenced" + +# MD049/emphasis-style - Emphasis style should be consistent +MD049: + # Enforce asterisks as the style to use for emphasis + style: "asterisk" + +# MD050/strong-style - Strong style should be consistent +MD050: + # Enforce asterisks as the style to use for strong + style: "asterisk" From 7868a35e1097d291a73edb22fae3aa9017ec3768 Mon Sep 17 00:00:00 2001 From: Nicholas McDonnell <50747025+mcdonnnj@users.noreply.github.com> Date: Fri, 25 Feb 2022 11:23:25 -0500 Subject: [PATCH 268/268] Add missing hyphen in markdownlint rule header --- .mdl_config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.mdl_config.yaml b/.mdl_config.yaml index 15a1a7c..4a650c1 100644 --- a/.mdl_config.yaml +++ b/.mdl_config.yaml @@ -44,7 +44,7 @@ MD035: # Enforce dashes for horizontal rules style: "---" -# MD046/code-block-style Code block style +# MD046/code-block-style - Code block style MD046: # Enforce the fenced style for code blocks style: "fenced"