From a00d3da334ac5ef25676399846010ad77cc747cf Mon Sep 17 00:00:00 2001 From: iainDe <96153057+iainDe@users.noreply.github.com> Date: Tue, 28 Dec 2021 14:40:54 -0500 Subject: [PATCH 1/3] Update SOFTWARE-LIST.md --- SOFTWARE-LIST.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index fbbfa7d..63654c0 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2406,8 +2406,9 @@ download | | 12/20/2021 | | Snowflake | | | Not Affected | | [Snowflake Community Link](https://community.snowflake.com/s/article/No-Snowflake-exposure-to-Apache-Log4j-vulnerability-CVE-2021-44228) | | | | | Snyk | Cloud Platform | |Not Affected | | [Snyk Updates](https://updates.snyk.io/snyk%27s-cloud-platform-all-clear-from-log4j-exploits-216499) | | | | | Software AG | | | | | [Software AG](https://tech.forums.softwareag.com/t/log4j-zero-day-vulnerability/253849) | | | | -| SolarWinds | Database Performance Analyzer (DPA) | 2021.1.x, 2021.3.x, 2022.1.x | Affected | No | [Apache Log4j Critical Vulnerability (CVE-2021-44228)](https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228) [Database Performance Analyzer (DPA) and the Apache Log4j Vulnerability (CVE-2021-44228)](https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228) | Workarounds available, hotfix under development | | 12/14/2021 | -| SolarWinds | Server & Application Monitor (SAM) | SAM 2020.2.6 and later | Affected | No | [Apache Log4j Critical Vulnerability (CVE-2021-44228)](https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228) [Server & Application Monitor (SAM) and the Apache Log4j Vulnerability (CVE-2021-44228)](https://support.solarwinds.com/SuccessCenter/s/article/Server-Application-Monitor-SAM-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US) | Workarounds available, hotfix under development | | 12/14/2021 | +| SolarWinds | Database Performance Analyzer (DPA) | 2021.1.x, 2021.3.x, 2022.1.x | Affected | Yes | [Apache Log4j Critical Vulnerability (CVE-2021-44228)](https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228) [Database Performance Analyzer (DPA) and the Apache Log4j Vulnerability (CVE-2021-44228)](https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228) |https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228) | For more information, please see the following KB article: [link](https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US) | | 12/23/2021 | +| SolarWinds | Orion Platform | Not Affected | | [Apache Log4j Critical Vulnerability (CVE-2021-44228)](https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228) | | | 12/23/2021 | +| SolarWinds | Server & Application Monitor (SAM) | SAM 2020.2.6 and later | Affected | Yes | [Apache Log4j Critical Vulnerability (CVE-2021-44228)](https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228) [Server & Application Monitor (SAM) and the Apache Log4j Vulnerability (CVE-2021-44228)](https://support.solarwinds.com/SuccessCenter/s/article/Server-Application-Monitor-SAM-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US) | For more information, please see the following KB article for the latest details specific to the SAM hotfix: [link](https://support.solarwinds.com/SuccessCenter/s/article/Server-Application-Monitor-SAM-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US) | | 12/23/2021 | | SonarSource | | | | | [SonarSource](https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721) | | | | | Sonatype | | | | | [Sonatype Vulnerability Statement](https://blog.sonatype.com/a-new-0-day-log4j-vulnerability-discovered-in-the-wild) | | | | | SonicWall | Capture Client & Capture Client Portal | | Not Affected | | [Sonic Wall Security Advisory](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032) | Log4j2 not used in the Capture Client. | | 12/12/2021 | From 55fb6ebffdc41de834adbba2fff79c5575f86956 Mon Sep 17 00:00:00 2001 From: iainDe <96153057+iainDe@users.noreply.github.com> Date: Tue, 28 Dec 2021 14:47:12 -0500 Subject: [PATCH 2/3] Update SOFTWARE-LIST.md --- SOFTWARE-LIST.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index 63654c0..cfc0a7f 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2406,7 +2406,7 @@ download | | 12/20/2021 | | Snowflake | | | Not Affected | | [Snowflake Community Link](https://community.snowflake.com/s/article/No-Snowflake-exposure-to-Apache-Log4j-vulnerability-CVE-2021-44228) | | | | | Snyk | Cloud Platform | |Not Affected | | [Snyk Updates](https://updates.snyk.io/snyk%27s-cloud-platform-all-clear-from-log4j-exploits-216499) | | | | | Software AG | | | | | [Software AG](https://tech.forums.softwareag.com/t/log4j-zero-day-vulnerability/253849) | | | | -| SolarWinds | Database Performance Analyzer (DPA) | 2021.1.x, 2021.3.x, 2022.1.x | Affected | Yes | [Apache Log4j Critical Vulnerability (CVE-2021-44228)](https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228) [Database Performance Analyzer (DPA) and the Apache Log4j Vulnerability (CVE-2021-44228)](https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228) |https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228) | For more information, please see the following KB article: [link](https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US) | | 12/23/2021 | +| SolarWinds | Database Performance Analyzer (DPA) | 2021.1.x, 2021.3.x, 2022.1.x | Affected | Yes | [Apache Log4j Critical Vulnerability (CVE-2021-44228)](https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228) [Database Performance Analyzer (DPA) and the Apache Log4j Vulnerability (CVE-2021-44228)](https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228) | | For more information, please see the following KB article: [link](https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US) | | 12/23/2021 | | SolarWinds | Orion Platform | Not Affected | | [Apache Log4j Critical Vulnerability (CVE-2021-44228)](https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228) | | | 12/23/2021 | | SolarWinds | Server & Application Monitor (SAM) | SAM 2020.2.6 and later | Affected | Yes | [Apache Log4j Critical Vulnerability (CVE-2021-44228)](https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228) [Server & Application Monitor (SAM) and the Apache Log4j Vulnerability (CVE-2021-44228)](https://support.solarwinds.com/SuccessCenter/s/article/Server-Application-Monitor-SAM-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US) | For more information, please see the following KB article for the latest details specific to the SAM hotfix: [link](https://support.solarwinds.com/SuccessCenter/s/article/Server-Application-Monitor-SAM-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US) | | 12/23/2021 | | SonarSource | | | | | [SonarSource](https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721) | | | | From ac87f938621584c398f70cfa3eef0ef4926c7830 Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Wed, 29 Dec 2021 08:58:20 -0500 Subject: [PATCH 3/3] Fix extra & missing pipes --- SOFTWARE-LIST.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/SOFTWARE-LIST.md b/SOFTWARE-LIST.md index c55d13b..1ff1326 100644 --- a/SOFTWARE-LIST.md +++ b/SOFTWARE-LIST.md @@ -2417,9 +2417,9 @@ download | | 12/20/2021 | | Snowflake | | | Not Affected | | [Snowflake Community Link](https://community.snowflake.com/s/article/No-Snowflake-exposure-to-Apache-Log4j-vulnerability-CVE-2021-44228) | | | | | Snyk | Cloud Platform | |Not Affected | | [Snyk Updates](https://updates.snyk.io/snyk%27s-cloud-platform-all-clear-from-log4j-exploits-216499) | | | | | Software AG | | | | | [Software AG](https://tech.forums.softwareag.com/t/log4j-zero-day-vulnerability/253849) | | | | -| SolarWinds | Database Performance Analyzer (DPA) | 2021.1.x, 2021.3.x, 2022.1.x | Affected | Yes | [Apache Log4j Critical Vulnerability (CVE-2021-44228)](https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228) [Database Performance Analyzer (DPA) and the Apache Log4j Vulnerability (CVE-2021-44228)](https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228) | | For more information, please see the following KB article: [link](https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US) | | 12/23/2021 | -| SolarWinds | Orion Platform | Not Affected | | [Apache Log4j Critical Vulnerability (CVE-2021-44228)](https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228) | | | 12/23/2021 | -| SolarWinds | Server & Application Monitor (SAM) | SAM 2020.2.6 and later | Affected | Yes | [Apache Log4j Critical Vulnerability (CVE-2021-44228)](https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228) [Server & Application Monitor (SAM) and the Apache Log4j Vulnerability (CVE-2021-44228)](https://support.solarwinds.com/SuccessCenter/s/article/Server-Application-Monitor-SAM-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US) | For more information, please see the following KB article for the latest details specific to the SAM hotfix: [link](https://support.solarwinds.com/SuccessCenter/s/article/Server-Application-Monitor-SAM-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US) | | 12/23/2021 | +| SolarWinds | Database Performance Analyzer (DPA) | 2021.1.x, 2021.3.x, 2022.1.x | Affected | Yes | [Apache Log4j Critical Vulnerability (CVE-2021-44228)](https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228), [Database Performance Analyzer (DPA) and the Apache Log4j Vulnerability (CVE-2021-44228)](https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228) | For more information, please see the following KB article: [link](https://support.solarwinds.com/SuccessCenter/s/article/Database-Performance-Analyzer-DPA-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US) | | 12/23/2021 | +| SolarWinds | Orion Platform | | Not Affected | | [Apache Log4j Critical Vulnerability (CVE-2021-44228)](https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228) | | | 12/23/2021 | +| SolarWinds | Server & Application Monitor (SAM) | SAM 2020.2.6 and later | Affected | Yes | [Apache Log4j Critical Vulnerability (CVE-2021-44228)](https://www.solarwinds.com/trust-center/security-advisories/cve-2021-44228), [Server & Application Monitor (SAM) and the Apache Log4j Vulnerability (CVE-2021-44228)](https://support.solarwinds.com/SuccessCenter/s/article/Server-Application-Monitor-SAM-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US) | For more information, please see the following KB article for the latest details specific to the SAM hotfix: [link](https://support.solarwinds.com/SuccessCenter/s/article/Server-Application-Monitor-SAM-and-the-Apache-Log4j-Vulnerability-CVE-2021-44228?language=en_US) | | 12/23/2021 | | SonarSource | | | | | [SonarSource](https://community.sonarsource.com/t/sonarqube-and-the-log4j-vulnerability/54721) | | | | | Sonatype | | | | | [Sonatype Vulnerability Statement](https://blog.sonatype.com/a-new-0-day-log4j-vulnerability-discovered-in-the-wild) | | | | | SonicWall | Capture Client & Capture Client Portal | | Not Affected | | [Sonic Wall Security Advisory](https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032) | Log4j2 not used in the Capture Client. | | 12/12/2021 |