Update E products

2 years ago · 42b0cab510
parent cbbbf5f096
commit 42b0cab510
1 changed files with 20 additions and 18 deletions
--- a/data/cisagov_E.yml
+++ b/data/cisagov_E.yml
@ -5,7 +5,7 @@ owners:
    url: https://github.com/cisagov/log4j-affected-db
 software:
  - vendor: EasyRedmine
-    product: ''
+    product: All
    cves:
      cve-2021-4104:
        investigated: false
@ -34,7 +34,7 @@ software:
      - ''
    last_updated: '2022-01-12T07:18:50+00:00'
  - vendor: Eaton
-    product: Undisclosed
+    product: All
    cves:
      cve-2021-4104:
        investigated: false
@ -42,9 +42,8 @@ software:
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
-        investigated: true
-        affected_versions:
-          - Undisclosed
+        investigated: false
+        affected_versions: []
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
@ -59,14 +58,12 @@ software:
        unaffected_versions: []
    vendor_links:
      - https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Security-Bulletin%20log4j_CVE_2021_44228_v1.0_Legal-Approved.pdf
-    notes: Doesn't openly disclose what products are affected or not for quote 'security
-      purposes'. Needs email registration. No workaround provided due to registration
-      wall.
+    notes: For security purposes direct notifications are being made to impacted customers.  Please stay tuned for more updates.
    references:
      - ''
    last_updated: '2022-01-12T07:18:50+00:00'
  - vendor: EclecticIQ
-    product: ''
+    product: TIP
    cves:
      cve-2021-4104:
        investigated: false
@ -74,8 +71,9 @@ software:
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
-        investigated: false
-        affected_versions: []
+        investigated: true
+        affected_versions:
+          - '< 2.11'
        fixed_versions: []
        unaffected_versions: []
      cve-2021-45046:
@ -90,12 +88,15 @@ software:
        unaffected_versions: []
    vendor_links:
      - https://docs.eclecticiq.com/security-advisories/security-issues-and-mitigation-actions/eiq-2021-0016-2
-    notes: ''
+    notes: This advisory is available to customer only and has not been reviewed by CISA.
+      The Threat Intel Platform includes Neo4j 3.5.12 (not vulnerable) and Elasticsearch
+      and Logstash OSS 7.9.1 (vulnerable) see Elasticsearch below for mitigation.
+      See link in their own fix for Logstash (Support account needed, ongoing investigation)
    references:
      - ''
    last_updated: '2022-01-12T07:18:50+00:00'
  - vendor: Eclipse Foundation
-    product: ''
+    product: All
    cves:
      cve-2021-4104:
        investigated: false
@ -124,7 +125,7 @@ software:
      - ''
    last_updated: '2022-01-12T07:18:50+00:00'
  - vendor: Edwards
-    product: ''
+    product: All
    cves:
      cve-2021-4104:
        investigated: false
@ -132,10 +133,11 @@ software:
        fixed_versions: []
        unaffected_versions: []
      cve-2021-44228:
-        investigated: false
+        investigated: true
        affected_versions: []
        fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
+          - ''
      cve-2021-45046:
        investigated: false
        affected_versions: []
@ -153,7 +155,7 @@ software:
      - ''
    last_updated: '2022-01-06T00:00:00'
  - vendor: EFI
-    product: ''
+    product: All
    cves:
      cve-2021-4104:
        investigated: false
@ -182,7 +184,7 @@ software:
      - ''
    last_updated: '2022-01-12T07:18:50+00:00'
  - vendor: EGroupware
-    product: ''
+    product: All
    cves:
      cve-2021-4104:
        investigated: false