From c05750e2f6d64632ffdb9a7bf27648b8c924ef07 Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Mon, 17 Jan 2022 11:45:55 -0700 Subject: [PATCH 1/5] Update cisagov_S.yml Added Samsung Electronics America --- data/cisagov_S.yml | 310 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 310 insertions(+) diff --git a/data/cisagov_S.yml b/data/cisagov_S.yml index 1599d02..ca79e4d 100644 --- a/data/cisagov_S.yml +++ b/data/cisagov_S.yml @@ -755,6 +755,316 @@ software: references: - '' last_updated: '2021-12-15T00:00:00' + - vendor: Samsung Electronics America + product: Knox Reseller Portal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Manage + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: + - Cloud + unaffected_versions: [] + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Admin Portal + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Mobile Enrollment + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Configure + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Asset Intelligence + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox E-FOTA One + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Managed Services Provider (MSP) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox Guard + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' + - vendor: Samsung Electronics America + product: Knox License Management + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45105: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.samsungknox.com/en/blog/an-update-on-the-impact-of-the-apache-log4j-cve-2021-44228-vulnerability-on-samsung-knox-cloud-services + notes: '' + references: + - '' + last_updated: '2022-01-17T00:00:00' - vendor: Sangoma product: '' cves: From f226ef21ca7abbfb2ba1897754a4c9709cb3948c Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Mon, 17 Jan 2022 14:13:47 -0700 Subject: [PATCH 2/5] Update cisagov_S.yml found whitespace at the end and removed --- data/cisagov_S.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/cisagov_S.yml b/data/cisagov_S.yml index ca79e4d..be7667e 100644 --- a/data/cisagov_S.yml +++ b/data/cisagov_S.yml @@ -1064,7 +1064,7 @@ software: notes: '' references: - '' - last_updated: '2022-01-17T00:00:00' + last_updated: '2022-01-17T00:00:00' - vendor: Sangoma product: '' cves: From c6fcca9b9414d91aa9aa5461a8f91851dbabcf39 Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Mon, 17 Jan 2022 15:29:30 -0700 Subject: [PATCH 3/5] Update cisagov_V.yml Add VTSada vendor --- data/cisagov_V.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/data/cisagov_V.yml b/data/cisagov_V.yml index 3a62fe6..bee878a 100644 --- a/data/cisagov_V.yml +++ b/data/cisagov_V.yml @@ -2571,6 +2571,36 @@ software: references: - '' last_updated: '2021-12-12T00:00:00' + - vendor: VTScada + product: All + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.vtscada.com/vtscada-unaffected-by-log4j/ + notes: Java is not utilized within VTScada software, and thus our users are unaffected. + references: + - '' + last_updated: '2022-01-17T00:00:00' - vendor: Vyaire product: '' cves: From 6ec7fdfb59eb32e3fb89be91d45cad14a2f657af Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Mon, 17 Jan 2022 15:47:13 -0700 Subject: [PATCH 4/5] Update cisagov_A.yml Added Atvise vendor --- data/cisagov_A.yml | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/data/cisagov_A.yml b/data/cisagov_A.yml index 7a6ce38..12c2697 100644 --- a/data/cisagov_A.yml +++ b/data/cisagov_A.yml @@ -3705,6 +3705,36 @@ software: references: - '' last_updated: '2022-01-12T07:18:50+00:00' + - vendor: Atvise + product: All + cves: + cve-2021-4104: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - All + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://www.atvise.com/en/articles/at-log4j-sicherheitsluecke-atvise-produkte-und-terminals-nicht-betroffen + notes: The security vulnerability does NOT affect our applications and products or pose any threat. This applies to all Bachmann applications and products, including atviseĀ® solutions. + references: + - '' + last_updated: '2022-01-17T00:00:00' - vendor: AudioCodes product: '' cves: From db9eae4b81add8be9a7089f2424f3b4ad6f0495e Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Mon, 17 Jan 2022 16:29:01 -0700 Subject: [PATCH 5/5] Update cisagov_I.yml Added Avanti products, removed the one generic entry for Avanti. Added the affected products, will be adding the nonaffected products, which is going to be a long list. --- data/cisagov_I.yml | 142 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 136 insertions(+), 6 deletions(-) diff --git a/data/cisagov_I.yml b/data/cisagov_I.yml index 5a3cfcd..1298cc9 100644 --- a/data/cisagov_I.yml +++ b/data/cisagov_I.yml @@ -6975,7 +6975,7 @@ software: - '' last_updated: '2022-01-12T07:18:54+00:00' - vendor: Ivanti - product: '' + product: Avalanche cves: cve-2021-4104: investigated: false @@ -6983,17 +6983,19 @@ software: fixed_versions: [] unaffected_versions: [] cve-2021-44228: - investigated: false - affected_versions: [] + investigated: true + affected_versions: + - 6.2.2 + - 6.3.0 to 6.3.3 fixed_versions: [] unaffected_versions: [] cve-2021-45046: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] cve-2021-45105: - investigated: false + investigated: '' affected_versions: [] fixed_versions: [] unaffected_versions: [] @@ -7002,5 +7004,133 @@ software: notes: '' references: - '' - last_updated: '2022-01-12T07:18:54+00:00' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: Ivanti File Director + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 2019.1.* + - 2020.1.* + - 2020.3.* + - 2021.1.* + - 4.4.* + fixed_versions: + - 2021.3 HF2 + - 2021.1 HF1 + - 2020.3 HF2 + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: '' + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Core + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Core. + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Sentry (Core/Cloud) + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - 9.13 + - 9.14 + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Sentry. + references: + - '' + last_updated: '2022-01-18T00:00:00' + - vendor: Ivanti + product: MobileIron Core Connector + cves: + cve-2021-4104: + investigated: false + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-44228: + investigated: true + affected_versions: + - All + fixed_versions: [] + unaffected_versions: [] + cve-2021-45046: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + cve-2021-45105: + investigated: '' + affected_versions: [] + fixed_versions: [] + unaffected_versions: [] + vendor_links: + - https://forums.ivanti.com/s/article/CVE-2021-44228-Java-logging-library-log4j-Ivanti-Products-Impact-Mapping?language=en_US + notes: See Advisory details for mitigation instructions for MobileIron Core Connector. + references: + - '' + last_updated: '2022-01-18T00:00:00' ...