Update E products

data/cisagov_E.yml

@@ -5,7 +5,7 @@ owners:
     url: https://github.com/cisagov/log4j-affected-db
 software:
   - vendor: EasyRedmine
-    product: ''
+    product: All
     cves:
       cve-2021-4104:
         investigated: false
@@ -34,7 +34,7 @@ software:
       - ''
     last_updated: '2022-01-12T07:18:50+00:00'
   - vendor: Eaton
-    product: Undisclosed
+    product: All
     cves:
       cve-2021-4104:
         investigated: false
@@ -42,9 +42,8 @@ software:
         fixed_versions: []
         unaffected_versions: []
       cve-2021-44228:
-        investigated: true
+        investigated: false
-        affected_versions:
+        affected_versions: []
-          - Undisclosed
         fixed_versions: []
         unaffected_versions: []
       cve-2021-45046:
@@ -59,14 +58,12 @@ software:
         unaffected_versions: []
     vendor_links:
       - https://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/Eaton-Security-Bulletin%20log4j_CVE_2021_44228_v1.0_Legal-Approved.pdf
-    notes: Doesn't openly disclose what products are affected or not for quote 'security
+    notes: For security purposes direct notifications are being made to impacted customers.  Please stay tuned for more updates.
-      purposes'. Needs email registration. No workaround provided due to registration
-      wall.
     references:
       - ''
     last_updated: '2022-01-12T07:18:50+00:00'
   - vendor: EclecticIQ
-    product: ''
+    product: TIP
     cves:
       cve-2021-4104:
         investigated: false
@@ -74,8 +71,9 @@ software:
         fixed_versions: []
         unaffected_versions: []
       cve-2021-44228:
-        investigated: false
+        investigated: true
-        affected_versions: []
+        affected_versions:
+          - '< 2.11'
         fixed_versions: []
         unaffected_versions: []
       cve-2021-45046:
@@ -90,12 +88,15 @@ software:
         unaffected_versions: []
     vendor_links:
       - https://docs.eclecticiq.com/security-advisories/security-issues-and-mitigation-actions/eiq-2021-0016-2
-    notes: ''
+    notes: This advisory is available to customer only and has not been reviewed by CISA.
+      The Threat Intel Platform includes Neo4j 3.5.12 (not vulnerable) and Elasticsearch
+      and Logstash OSS 7.9.1 (vulnerable) see Elasticsearch below for mitigation.
+      See link in their own fix for Logstash (Support account needed, ongoing investigation)
     references:
       - ''
     last_updated: '2022-01-12T07:18:50+00:00'
   - vendor: Eclipse Foundation
-    product: ''
+    product: All
     cves:
       cve-2021-4104:
         investigated: false
@@ -124,7 +125,7 @@ software:
       - ''
     last_updated: '2022-01-12T07:18:50+00:00'
   - vendor: Edwards
-    product: ''
+    product: All
     cves:
       cve-2021-4104:
         investigated: false
@@ -132,10 +133,11 @@ software:
         fixed_versions: []
         unaffected_versions: []
       cve-2021-44228:
-        investigated: false
+        investigated: true
         affected_versions: []
         fixed_versions: []
-        unaffected_versions: []
+        unaffected_versions:
+          - ''
       cve-2021-45046:
         investigated: false
         affected_versions: []
@@ -153,7 +155,7 @@ software:
       - ''
     last_updated: '2022-01-06T00:00:00'
   - vendor: EFI
-    product: ''
+    product: All
     cves:
       cve-2021-4104:
         investigated: false
@@ -182,7 +184,7 @@ software:
       - ''
     last_updated: '2022-01-12T07:18:50+00:00'
   - vendor: EGroupware
-    product: ''
+    product: All
     cves:
       cve-2021-4104:
         investigated: false