1
0
Fork 0
mirror of https://github.com/cisagov/log4j-affected-db.git synced 2024-11-22 16:40:48 +00:00

Add CA & Webpage data

This commit is contained in:
justmurphy 2021-12-14 07:50:56 -05:00 committed by GitHub
parent e9016284ee
commit 4b8b3a86b9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -5,13 +5,19 @@ This repository provides CISA's guidance and an overview of related software reg
</br>
**Official CISA Guidance & Resources:**
</br>
Webpage: [CISA Apache Log4j Vulnerability Guidance](https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance)
</br>
CISA Director Jen Easterly's Statement: [Statement from CISA Director Easterly on “Log4j” Vulnerability](https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability).
</br> CISA Current Activity Alert: [Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce)
</br> CISA Current Activity Alerts:
</br>
[Apache Releases Log4j Version 2.15.0 to Address Critical RCE Vulnerability Under Exploitation](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/10/apache-releases-log4j-version-2150-address-critical-rce)
</br>
[CISA Creates Webpage for Apache Log4j Vulnerability CVE-2021-44228](https://www.cisa.gov/uscert/ncas/current-activity/2021/12/13/cisa-creates-webpage-apache-log4j-vulnerability-cve-2021-44228)
</br>
National Vulnerability Database (NVD) Information: [CVE-2021-44228](https://nvd.nist.gov/vuln/detail/CVE-2021-44228)
</br>
</br>
CISA will maintain a list of all publicly available information and vendor-supplied advisories regarding the Log4j vulnerability. This list is not a full list and will be updated continuously. If you have any additional information to share relevant to the log4j vulnerability, please feel free to open an issue [here](https://github.com/cisagov/log4j-affected-db/issues). We have a template available for your submission. Please also feel free to submit a pull request.
CISA will maintain a list of all publicly available information and vendor-supplied advisories regarding the Log4j vulnerability. This list is not a full list and will be updated continuously. If you have any additional information to share relevant to the Log4j vulnerability, please feel free to open an issue [here](https://github.com/cisagov/log4j-affected-db/issues). We have a template available for your submission. Please also feel free to submit a pull request.
# Status Descriptions
@ -24,7 +30,7 @@ CISA will maintain a list of all publicly available information and vendor-suppl
| Under Investigation | Vendor investigating status. |
# Software List
R
| Vendor | Product | Version | Status | Update Available | Vendor Link | Notes | Other References | Last Updated |
|:--------------|:----------------|:---------------:|:---------------:|:-----------------|-------------|-------|:-----------------|--------------:|
| Sample-Vendor | Product-A | 1.15.0 | Affected | Yes/No | [Update Link Here]()| <Statement by vendor, vuln note, etc.>| [Link Here]() | 12/11/2021|